"Inveniam viam aut faciam" : I will either find a way, or I shall make one

Adeptus-Mechanicus - BlogMe


Cracking Passwords 101

A question I have gotten multiple times recently is “how do I do password cracking?”. People think they need to start with big dictionaries, clever rules, or other stuff. While that is useful, the truth is that getting started is not difficult. If anything it is ... repetitive. Seriously. To show you what I mean, I figured a practical demonstration would be in order. So let's start with the “rootkit.com” hashlist and get “hashcat” and “john the ripper”. Now follow along and see how you do:
Address : <http://www.adeptus-mechanicus.com/codex/crkpass/crkpass.php>

Published by erich, on January 24th, 2013 at 4:13 am. Filed under: General. 2 Comments

2 Responses to “Cracking Passwords 101”

  1. Could you give some tips on getting hashcat to defeat passwords consisting of multiple dictionary words? I had the idea that a memorable password consisting of multiple words could be secure if it was long enough but wanted to test the logic of this first 😉

    Comment by James on March 26, 2013 at 1:05 am



  2. Good question. A multiple word passphrase could be secure just due to the number of characters involved, but if it is a popular or memorable phrase (i.e. “once upon a time”) then it will probably be in the popular dictionaries used already. Also bear in mind that many password crackers have already used popular quotes from books and films to create dictionaries to use against these types of passwords. So a long passphrase is good, a popular passphrase is not 🙂

    Comment by erich on April 7, 2013 at 10:58 pm
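The distinction drawn in the reply above, as an added example that is not part of the original post or comments: a defender-side passphrase check that rejects known phrases and otherwise reports the smaller of a per-character and a per-word guessing estimate. The phrase list, the word list, the 100,000-word dictionary size and all function names are assumptions made for illustration.

```python
import math
import re

# Constructed sample data (assumptions for this example, not from the post).
KNOWN_PHRASES = ["once upon a time", "to be or not to be"]
WORDS = {"once", "upon", "a", "time", "purple", "kettle", "orbit", "velvet", "anchor"}
ATTACKER_DICT_SIZE = 100_000  # assumed size of a cracker's word dictionary


def squash(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def fewest_words(text, words):
    """Fewest dictionary words that concatenate to text, or None."""
    best = [0] + [None] * len(text)
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is not None and text[start:end] in words:
                cand = best[start] + 1
                if best[end] is None or cand < best[end]:
                    best[end] = cand
    return best[len(text)]


def assess(passphrase, phrases=KNOWN_PHRASES, words=WORDS,
           dict_size=ATTACKER_DICT_SIZE):
    """Return (verdict, bits): bits is the smaller of the two estimates."""
    key = squash(passphrase)
    # Spacing, case and punctuation do not hide a phrase that is already listed.
    if key in {squash(p) for p in phrases}:
        return ("known phrase", 0.0)
    # Estimate 1: brute force over 36 symbols (a-z, 0-9), driven by length.
    char_bits = len(key) * math.log2(36)
    count = fewest_words(key, words)
    if count is None:
        return ("not word-based", round(char_bits, 1))
    # Estimate 2: word-by-word guessing, dict_size choices per word.
    word_bits = count * math.log2(dict_size)
    return ("word-based", round(min(char_bits, word_bits), 1))
```

For a four-word passphrase the per-word estimate (about 66 bits under these assumptions) is well below what the character count alone suggests (about 119 bits), and a listed phrase scores zero regardless of length.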


