0x760 Password Cracking
Passwords aren't generally stored in plaintext form. A file containing all
the passwords in plaintext form would be far too attractive a target, so
instead, a one-way hash function is used. The best-known of these functions
is based on DES and is called crypt(), which is described in the manual
page shown below.
NAME
       crypt - password and data encryption

SYNOPSIS
       #define _XOPEN_SOURCE
       #include <unistd.h>

       char *crypt(const char *key, const char *salt);

DESCRIPTION
       crypt() is the password encryption function. It is based on the Data
       Encryption Standard algorithm with variations intended (among other
       things) to discourage use of hardware implementations of a key search.

       key is a user's typed password.

       salt is a two-character string chosen from the set [a-zA-Z0-9./]. This
       string is used to perturb the algorithm in one of 4096 different ways.

This is a one-way hash function that expects a plaintext password and a
salt value for input, and then outputs a hash with the salt value prepended
to it. This hash is mathematically irreversible, meaning that it is impossible to
determine the original password using only the hash. Writing a quick program
to experiment with this function will help clarify any confusion.
crypt_test.c
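#define _XOPEN_SOURCE
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char *argv[]) {
   char *hash;

   if(argc < 3) {   // Both a password and a salt value are required.
      printf("Usage: %s <plaintext password> <salt value>\n", argv[0]);
      exit(1);
   }
   hash = crypt(argv[1], argv[2]);   // Hash the password with the given salt.
   if(hash == NULL) {                // crypt() returns NULL on error.
      perror("crypt");
      exit(1);
   }
   printf("password \"%s\" with salt \"%s\" ", argv[1], argv[2]);
   printf("hashes to ==> %s\n", hash);
   return 0;
}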
When this program is compiled, the crypt library needs to be linked.
This is shown in the following output, along with some test runs.
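
Separately from that program and its output, the following is an added example (not from the original text) that splits a traditional 13-character crypt() string into the two salt characters prepended to it and the 11 hash characters that follow, and computes which of the 4096 salt values was used. The struct, the function names and the sample strings are constructed for illustration; the 6-bit character mapping assumes the traditional DES crypt alphabet ordering "./0-9A-Za-z".

```c
#include <stdio.h>
#include <string.h>

/* Alphabet used by traditional crypt(): index in this string = 6-bit value. */
static const char CRYPT_ALPHABET[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

struct des_crypt_hash {      /* hypothetical struct for this example */
    char salt[3];            /* the two salt characters, NUL-terminated */
    char digest[12];         /* the 11 hash characters, NUL-terminated */
    int  salt_index;         /* which of the 4096 perturbations: 0..4095 */
};

/* Return the 6-bit value of one crypt character, or -1 if it is not valid. */
static int crypt_char_value(char c) {
    const char *p = (c != '\0') ? strchr(CRYPT_ALPHABET, c) : NULL;
    return p ? (int)(p - CRYPT_ALPHABET) : -1;
}

/* Split a 13-character traditional crypt() string into salt and digest.
 * Returns 0 on success, -1 if the string is not in that format. */
int parse_des_crypt(const char *s, struct des_crypt_hash *out) {
    if (s == NULL || out == NULL || strlen(s) != 13)
        return -1;
    for (size_t i = 0; i < 13; i++)
        if (crypt_char_value(s[i]) < 0)
            return -1;
    memcpy(out->salt, s, 2);
    out->salt[2] = '\0';
    memcpy(out->digest, s + 2, 11);
    out->digest[11] = '\0';
    /* First salt character supplies the low 6 bits, second the high 6 bits. */
    out->salt_index = crypt_char_value(s[0]) | (crypt_char_value(s[1]) << 6);
    return 0;
}

int main(void) {
    /* Constructed sample strings, not real password hashes. */
    const char *samples[] = { "abCONSTRUCTED", "zzCONSTRUCTED", "$6$notdescrypt", "short" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct des_crypt_hash h;
        if (parse_des_crypt(samples[i], &h) == 0)
            printf("%-15s salt=%s (value %d of 4096) hash=%s\n",
                   samples[i], h.salt, h.salt_index, h.digest);
        else
            printf("%-15s not a traditional crypt() hash\n", samples[i]);
    }
    return 0;
}
```

This example does not call crypt(), so it compiles without linking the crypt library.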