Anecdota

Laughter is the Best Medicine

crack (C)


SPEAKER 1: Let’s get cracking
and hack into some accounts. Our to dos for this problem are twofold. One, we’ll want to get
the hashed password. And then two, we’ll want to take
that hashed password and crack it. So the hashed password will be
passed in to us via the command line. So you’ll also want to
instruct the user if they haven’t used your program correctly. Next, we’ll want to crack that password. To do this we’re going to
make a couple of assumptions. The first is that all
of the passwords are going to be hashed with C’s
DES-based crypt function. Take a moment and check
out the manual page for crypt, where you’ll find
that for a DES-based algorithm, the “salt” is the first two
characters of the hashed password. And the crypt function takes in two
arguments, the key and the salt. So check out the passwords
that we’ve provided to you and see what the salt in our case is. So the next thing to do
is to crack the password. We’ll return to the principle that
hashing a word with the very same hash function will always
return the same hash. So that means that if we try
a word and hash that try, if the hashes match the
given hash by the user then we can assume that we’ve
successfully cracked the password. In order to guess
those words, then we’ll have to make a couple of assumptions. And we tell you that these passwords
are no longer than four characters long, and that they’re comprised entirely
of alphabetical characters. So your biggest job for
this problem is to think of a way to iterate over and
generate plain text to be hashed. Now remember that the assumption
is that the passwords can be up to four characters long. Meaning that there could be
shorter passwords as well. And these passwords are
case sensitive, meaning that an upper case A is going to be a
different password than a lowercase a. You might want to consider generating
an array of up to 5 bytes, where the last byte is going
to be our backslash zero. Then you’ll want to iterate over,
perhaps with just one character, and then add in two, and then its
three, and then four characters long, making sure to reach all
possible permutations of letters. So once the hash of your guess matches
the hash that the user has given you, you’ve successfully
found their password. My name is [? Amaila, ?]
and this was crack.

15 thoughts on “crack (C)

  1. lmao
    "The DES algorithm itself has a few quirks which make the use of the crypt() interface a very poor choice for anything other than password authentication. If you are planning on using the crypt() interface for a cryptography project, don't do it: get a good book on encryption and one of the widely available DES libraries."

  2. I have a general thought on what I need to do. Generate a hash for combinations of characters up to 4 characters long as required, each time comparing with the hash provided, if it's a match, print the combination of characters.
    Problem is tho, I don't understand how to use the crypt function, an example use would've been great, but not much info has been offered on this, so I guess i need to find it on my own.

  3. I dont understand one thing: How must we assume that the passwords are 4 characters long, when some of the provided ones for testing are above 4? Also, how is it possible that "rbowden" returns the same hash as rofl?

Leave a Reply

Your email address will not be published. Required fields are marked *