Home page logo
/

basics logo Security Basics mailing list archives

Re: How Windows Password Cracking Programs Work
From: "Michal Merta" <michal.merta () gmail com>
Date: Wed, 26 Jul 2006 14:17:29 +0200

Hi all,

these programs in most cases calculate (or there are some tools which
pre-calculate) hashes from text passwords and compare it with hash of
the passwords.
2 very similar passwords have completely different hashes, i.e.
password - 286755fad04869ca523320acce0dc6a4
passwords - 6f59c8e9229e384c2935e75075825566

(md5 algorithm used in previous example.)

The output of hash algorithms is all the time the same length.
For all hash functions its mathematically impossible (we hope :)) to
derive the original text password from encrypted hash.
But it can be that 2 different passwords have the same hash. Its
called "collision".
Regards, Michal


On 22 Jul 2006 15:33:12 -0000, winshel () camden rutgers edu
<winshel () camden rutgers edu> wrote:
Please excuse my lack of technical understanding of windows password cracking software.


My question is whether windows password cracking programs has to do with how these programs work.


Is it correct that they do not crack a password one character at a time?  That is, the password cracking programs 
aren't able to determine that they have cracked the first character, or the first two or first three characters?


Also, is it correct that password cracking programs aren't able to determine - ahead of time - how long a windows 
password is?


Thanks.



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------




--
Michal Merta
Network Security Engineer
http://www.misuta.cz

The information contained in this electronic message and any
attachments to this message are intended for the exclusive use of the
addressee(s) and may contain proprietary, confidential or privileged
information. If you are not the intended recipient, you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately and destroy all copies of this message and any
attachments.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault