lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <1891c7e0c8f7b22f5a72d3491bb0f0cb@webmail.webfaction.com>
Date: Sun, 17 Feb 2013 20:56:51 -0800
From: iphelix <iphelix@...sprawl.org>
To: <full-disclosure@...ts.grok.org.uk>
Subject: PACK 0.0.3 - Password Analysis and Cracking Kit

Hello fulldisclosure,

I would like to share an update to a toolkit built to aid in password
cracking and analysis attacks.

PACK (Password Analysis and Cracking Toolkit) is a collection of 
utilities
for analysis of plaintext passwords to find common patterns such as 
word
mangling rules, password masks and source words. All of the tools
produce output for the Hashcat password cracker.

The latest update includes a rule generation engine (rulegen.py)
which uses a Reverse Levenshtein Paths algorithm to reverse word 
mangling
rules. For example, the analysis of the password "1P@...0D" would 
produce
the following rules and source words in the Hashcat format:

[+] Password => ^1 sa@ u sO0 D7 => 1P@...0D
[+] Password => ^1 sa@ u D6 sR0 => 1P@...0D

Using the above information you could attempt to recover passwords 
using
similar rules and/or source words.

Other tools in the kit can produce similar analysis of character-set 
masks
used to produce passwords. For example, "Password123" would produce a 
mask
?u?l?l?l?l?l?l??d?d?d that once more could be applied against still
uncovered hashes. At last, you can get general password statistics such
as length, character sets and other patterns.

PACK (Password Analysis and Cracking Kit) source and documentation:
http://thesprawl.org/projects/pack/

Automatic Password Rule Analysis and Generation research paper:
http://thesprawl.org/research/automatic-password-rule-analysis-generation/

Sincerely,
  -Peter



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ