Miscellaneous > Programming & Networking

Linux Password Files

<< < (2/2)

voidmain:
I guess we didn't answer your question.  C is a good language to use to write a password cracking program, although you can use about any language.  I have written C programs using the standard "crypt()" function in UNIX.  It is actually very easy.  

However, I used to use a program called "crack" which was open source to check all of our systems and make sure our users were using good passwords.  I had it set up to send an email message to the user and make them change their password if I could crack it.  Also, the standard "crypt()" function is not the best for a cracking program.  I don't know if it is still true, but it used to be written very ineficiently, in fact delays were built in to the function so as to prevent being used in password cracking programs.  It would still be perfect for legitimate system use.  So the program "crack" came with it's own encryption functions (I believe it was called "ufccrypt").  Then password cracking could be done at optimal speed. "john" is another good password cracking program.  Both "john" and "crack" are open source so you can look at the code for examples.

The only reason I am answering your question is there are legit uses for password cracking and I assume you are doing it on the up and up. And it's a good easy learning C project.

[ August 01, 2002: Message edited by: VoidMain ]

Master of Reality:
isnt the actual password the key to unencrypt it?

voidmain:
Actually, the password IS the key, but it's not used to "decrypt".  When you type your password in to an authentication prompt (login, su, etc) the password you type in is run through the crypt() function and the resulting string is compared with the stored string associated with your userid in the password file. If they match then you are allowed in.

Or something like that...

Now there are times when you do need to decrypt as well as encrypt, that's when you need to securely transmit data. PGP, SSH, SSL, IPSEC are examples of this. There are usually multiple keys involved with these types of encryption/decryption. Both public and private.

[ August 02, 2002: Message edited by: VoidMain ]

choasforages:
yeah, voidmain is correct on password cracking, and yes, it would be a good c++ project, i think i am going to work on it. but i want to mess with blowfish. and not standerd des. as for one way hash. i had a calc basic prog that made one way hashes i think. i could post the code for it, if i could remeber what it was

Navigation

[0] Message Index

[*] Previous page

Go to full version