
“One-button” mass password audit

The basic idea is the same: try to assemble good “pieces” of possible passwords whose concatenation is more likely to yield a valid password than a random set of characters. In this way we implicitly hand over to the algorithm everything we think of as the “human factor”.
Good “pieces” can be obtained by knowing a portion of the full set of passwords and selecting the character combinations that occur most often. To recover that initial set of passwords, you can use brute force, dictionaries and a hybrid dictionary attack.
For this reason, passwords like “QWEasdf1$” should not be considered safe (uppercase letters, lowercase letters, digits, special characters, sufficient length: everything seems to be fine?), because they are easily decomposed into a small set of likely character combinations (QWE, asdf, 1, $: only four metacharacters).
The automation itself comes down to the following scheme:
- the program loads a list of hashes (a fairly large set is assumed; this does not reduce the speed and increases the scheme's chances of success);
- simple combinations are enumerated directly (numeric passwords, character strings of limited length, a small number of special characters);
- then the dictionaries specified by the auditor are checked, including concatenations of words from these dictionaries (so that combinations like “ihatethis” are found quickly);
- the recovered passwords are split into pieces, the probability of occurrence of each piece is computed, and a “good” dictionary is compiled;
- combinations of words from the resulting dictionary are then enumerated endlessly.
That is, apart from a set of pre-prepared dictionaries and a list of hashes, you do not need to know, change or configure anything else. In effect it is a “push to hack” scheme, the kind that has been the subject of many jokes.
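The decomposition of “QWEasdf1$” and the piece-dictionary step of the scheme can be turned into a policy-side check, shown here as an added example (it is not the author's program). It assumes a piece is a maximal run of one character class, and the sample passwords and function names are constructed for illustration.

```python
import math
import re
from collections import Counter

# Assumption: a "piece" is a maximal run of one character class
# (uppercase, lowercase, digits, everything else).
PIECE_RE = re.compile(r"[A-Z]+|[a-z]+|[0-9]+|[^A-Za-z0-9]+")

def split_pieces(password):
    """Split a password into character-class runs."""
    return PIECE_RE.findall(password)

def build_piece_dict(known_passwords, top_n=1000):
    """Count piece frequencies over already-known passwords, keep the top_n."""
    counts = Counter(p for pw in known_passwords for p in split_pieces(pw))
    total = sum(counts.values())
    return {piece: n / total for piece, n in counts.most_common(top_n)}

def min_pieces(password, piece_dict):
    """Fewest dictionary pieces whose concatenation equals password, or None."""
    best = [0] + [None] * len(password)
    for end in range(1, len(password) + 1):
        for start in range(end):
            if best[start] is not None and password[start:end] in piece_dict:
                cand = best[start] + 1
                if best[end] is None or cand < best[end]:
                    best[end] = cand
    return best[-1]

def audit(password, piece_dict):
    """Compare per-character search space with piece-based search space (bits)."""
    k = min_pieces(password, piece_dict)
    char_bits = len(password) * math.log2(95)  # 95 printable ASCII characters
    piece_bits = None if k is None else k * math.log2(len(piece_dict))
    return {"pieces": k, "char_bits": round(char_bits, 1),
            "piece_bits": None if piece_bits is None else round(piece_bits, 1)}

# Constructed sample: passwords assumed to be already known from an earlier audit pass.
KNOWN = ["QWErty123", "asdf2010!", "Password1", "qwe123$", "asdf$1", "QWEasd"]
PIECES = build_piece_dict(KNOWN)

if __name__ == "__main__":
    for pw in ["QWEasdf1$", "v9#Lq2@xT"]:
        print(pw, split_pieces(pw), audit(pw, PIECES))
```

A password that meets every character-class rule but resolves to a handful of dictionary pieces has a piece-based search space far smaller than its length suggests, which is the condition a password policy should reject.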
I wrote the program in one day, so I myself do not expect ideal stability and universality from it, as long as it works. To use the power of video cards, CUDA technology and the CUDA Utilities Toolkit are used.
You can download the sources from here: dl.dropbox.com/u/243445/md5h/src.7z
A binary for Win32 is here: dl.dropbox.com/u/243445/md5h/MD5BLAST.exe
(you also need the cutil32 library and the CUDA Toolkit from developer.nvidia.com/cuda-toolkit-32-downloads#Windows)
To get started, create a hash_list.txt file with a list of hashes.
Start the program, and passwords gradually appear in the passwords.txt file. I did not write any hash-user-password binding, but is it really necessary?
If you are familiar with CUDA, you can tune the GRID and THREADS constants for your video card to get optimal performance. In addition, with the current parameters the program requires up to 300 megabytes of free video memory (this value can be reduced using the ITERS constant).
I get about 100 megapasswords per second on the GTX460 (with an average password length of 15 characters and about 10,000 hashes).