Wednesday, June 5, 2013

Password Cracking is an Art

Just a quick posting to recommend the following article:

http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

It's easy to think that cracking passwords is a point-and-click activity ... just grab a big password list, recruit a bunch of processing power and let'r run. If you think that's how it works, you're wrong.

This article describes the process taken by three separate password cracking experts to attack the same list of password hashes. They used different tools and different approaches, and achieved different results.

The key point (other than some nice tricks) is that, as with many security endeavors, password cracking is both a craft and an art. To be good at it, you need to know the underlying cryptography, you need to know your tools and you need to know how people behave. And then, most importantly, you need to develop creative solutions based on your knowledge and hard-earned experience.

As I go about my daily work in this field, I'm often reminded of the passion and craftsmanship I experienced a very long time ago when taking a woodworking class. It was at a top design school, and I was a rank beginner surrounded by folks building beautiful pieces of furniture. They understood how to make wood do things I could only dream about, things that seemed like magic until you understood how they did it.

Kinda like figuring out that '3e93fb79e0970b6b8229ff8bec22d069' is the hash for 'qeadzcwrsfxv1331'.

:-)

