Mass password audit with “one button”

    Continuing to torment the hashes obtained from antichat (but who needs them?), I could not resist creating a reasonably fast tool that automatically applies the methods discussed in the article. Video cards are now put to work, and a smoke break was enough to recover 60% of the passwords. With a search speed of over 100 Mpwd/s, a hybrid technique and frequency analysis, this does not seem to be an amazing result, and it should finally make those who still have not bothered rethink their attitude to password storage methods. Below is a short discussion of the approach taken and, of course, the program itself.

    The basic idea is the same: try to compose good “pieces” of possible passwords whose concatenation gives a valid password with a higher probability than a random set of characters. This way we implicitly hand over to the algorithm everything that we understand as the “human factor”.

    Good “pieces” can be obtained by knowing some of the passwords from the full set and choosing the most commonly used character combinations. To recover this initial set of passwords, you can use brute force, dictionaries and a hybrid dictionary attack.

    Based on this, passwords like “QWEasdf1$” should not be considered safe (uppercase letters, lowercase letters, digits, special characters, sufficient length: everything seems to be fine?), because they are easily decomposed into a set of likely character combinations (QWE, asdf, 1, $: only four metacharacters).
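
    A defender can apply the same decomposition as a password-strength check. The added example below (not part of the original program; the piece dictionary and the sample passwords are constructed) finds the cheapest split of a password into frequent pieces and compares that estimate with the naive per-character one.

```python
import math

PRINTABLE = 95  # printable ASCII characters, used for the naive estimate

# Constructed sample of frequent "pieces". A real audit would build this from
# frequency analysis of passwords already recovered, and it would be far larger.
COMMON_PIECES = {"QWE", "qwe", "asdf", "i", "hate", "this",
                 "pass", "word", "123", "1", "$", "!"}


def naive_bits(password):
    """Strength if every character were chosen independently at random."""
    return len(password) * math.log2(PRINTABLE)


def decompose(password, pieces=COMMON_PIECES):
    """Return (bits, split): the cheapest split into known pieces.

    A known piece costs log2(len(pieces)) bits (assumes a uniform choice from
    the dictionary, a simplification); any other character costs log2(95).
    """
    piece_bits = math.log2(len(pieces))
    char_bits = math.log2(PRINTABLE)
    longest = max(map(len, pieces))
    best = [(0.0, [])]  # best[i] describes the prefix password[:i]
    for end in range(1, len(password) + 1):
        bits, split = best[end - 1]
        cand = (bits + char_bits, split + [password[end - 1]])  # unknown char
        for start in range(max(0, end - longest), end):
            chunk = password[start:end]
            if chunk in pieces and best[start][0] + piece_bits < cand[0]:
                cand = (best[start][0] + piece_bits, best[start][1] + [chunk])
        best.append(cand)
    return best[-1]


if __name__ == "__main__":
    for pw in ("QWEasdf1$", "ihatethis", "kV9#xTq2&"):  # constructed samples
        bits, split = decompose(pw)
        print(f"{pw!r}: naive {naive_bits(pw):.1f} bits, "
              f"piece-based {bits:.1f} bits, split {split}")
```

    With a dictionary this small the bit counts are only illustrative; the point is the gap between the two estimates for a password that merely looks complex.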

    The automation itself came down to the following scheme:
    • the program loads a list of hashes (a fairly large set is assumed; this does not reduce the speed and increases the chances that the scheme succeeds);
    • simple combinations are enumerated directly (numeric passwords, character strings of limited length, a small number of special characters);
    • then the dictionaries specified by the auditor are checked, including concatenations of words from these dictionaries (so that combinations like “ihatethis” are picked up quickly);
    • the recovered passwords are split into pieces, the probability of occurrence of each piece is calculated, and a “good” dictionary is compiled;
    • using the resulting dictionary, possible word combinations are enumerated endlessly.

    That is, apart from a set of pre-prepared dictionaries and a list of hashes, you do not need to know, change or configure anything else. In effect this is the “push to hack” scheme about which there have been a lot of jokes.

    I wrote the program in one day, so I myself do not expect ideal stability and universality from it; it works however it works. To use the power of video cards, CUDA technology and the CUDA Utilities Toolkit are used.

    You can download the sources from here: dl.dropbox.com/u/243445/md5h/src.7z
    A binary for Win32 is here: dl.dropbox.com/u/243445/md5h/MD5BLAST.exe
    (you also need the cutil32 library and the CUDA Toolkit from developer.nvidia.com/cuda-toolkit-32-downloads#Windows)

    To get started, create a hash_list.txt file with a list of hashes.

    We start the program, and passwords slowly appear in the passwords.txt file. I did not write any hash-user-password binding, but is it really necessary?

    If you are familiar with CUDA technology, you can change the GRID and THREADS constants to suit your video card for optimal performance. In addition, with the current parameters the program requires up to 300 megabytes of free video memory (this value can be reduced using the ITERS constant).

    I get about 100 megapasswords per second on a GTX460 (with an average password length of 15 characters and about 10,000 hashes).
