Password cracking: Difference between revisions
Jump to navigation
Jump to search
Line 24: | Line 24: | ||
* Trade-off between size of table (and time to generate) and coverage. May not be worthwhile building lookup tables for anything more than dictionary words and common passwords. | * Trade-off between size of table (and time to generate) and coverage. May not be worthwhile building lookup tables for anything more than dictionary words and common passwords. | ||
Possible contents of lookup tables: | |||
* Dictionary words | * Dictionary words |
Revision as of 15:53, 24 July 2018
Initial steps
Steps required for password cracking software:
- Identify which columns contain the username and the password (hashed or otherwise). May be easier to convert to a standard internal representation before processing.
- Identify the algorithm used.
- Identify whether a salt is used.
From these there are multiple stages:
- If no salt is used (e.g. plain MD5), consult a pre-computed lookup table.
Identifying an algorithm
- Length: 32 characters (16 bytes) is likely to be MD5.
- Characters: 0-9a-fA-F is likely to be MD5.
Lookup tables
- How should these be delivered? Plain text file, SQLite database, Lightning Memory-Mapped Database (LMDB), something else?
- What options does the chosen language support?
- Which options are the most efficient?
- Can lookup tables be built entirely in memory and then flushed to disk? Regular flushing as used by SQLite prevents data loss but may take longer due to regular I/O. (answer: Yes, just put the whole thing in a huge transaction and commit at the end).
- Trade-off between size of table (and time to generate) and coverage. May not be worthwhile building lookup tables for anything more than dictionary words and common passwords.
Possible contents of lookup tables:
- Dictionary words
- Common words not in dictionary (e.g. TV shows)
- Simple combinations, such as dictionary word concatenated with '1', '123' etc.
- Every possible combination of case and 0-9a-z from 6-12 characters in length.
Languages
Language choice is a combination of speed and available libraries. Obvious initial candidates are:
- C
- CPython (reference implementation of Python)
- PyPy (Python written in Python - supposedly faster than CPython but sometimes behind in terms of version support)
Libraries
Ultimately most crypto libraries end up being a wrapper around OpenSSL.
Python
- hashlib is the Python wrapper around OpenSSL and appears to be in the standard library.
- Python bindings to LMDB