Department

Department of Computer Science

First Advisor

Dr. Ruben Gamboa

Description

When a modern system stores passwords, it doesn’t store them in plain text because of the security risk this would pose if the server were compromised. Instead it uses one-way mathematical functions called hash functions. The system takes a password, say ‘123456’, and applies the hash function to it, transforming it into a string of hexadecimal characters; in the case of our example, ‘e10adc3949ba59abbe56e057f20f883e’. While it is not generally possible to directly reverse the computations that produced the hash, it is possible to recreate that hash using a variety of brute-force methods. Our project, Mighty Cracker, is a program designed to use these methods to “crack” passwords. It is designed to run either on a single computer or with one computer acting as a server for one or more connected nodes. Our program is written in Python and runs on Windows 7, Mac OS X, and Linux using either a command line interface (CLI) or a graphical user interface (GUI). We have implemented the three most common attacks used to crack passwords: dictionary, rainbow table, and exhaustive brute-force attacks. Each attack method utilizes parallel processing both on the multiple cores of a single machine and across multiple networked machines. Our software is able to crack passwords using several of the most common hash functions, including MD5, SHA1, and SHA256. We are not, by any means, the first to write a program to perform these functions, and we do not claim our program is faster or more powerful than the other solutions out there. The goal of our program is to create an accessible cross-platform solution that allows quick and easy setup either on a single machine or across a mixed group of networked machines. To this end, there is no additional effort needed to set up a server compared to a single computer. Additionally, nodes need only the IP address of the server to connect and begin computation.
The ability to simply run an executable on each machine, coupled with a simple, easy-to-use GUI, makes our program much more accessible to the masses. It is our hope that seeing our easy-to-use program cracking weak passwords will serve as a wake-up call to everyone to show them why they should take password security seriously.
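The following is an added example, not code from Mighty Cracker or its authors. It audits a constructed credential store for unsalted MD5 hashes of well-known passwords, such as the ‘123456’ example above, and contrasts that with a salted, iterated PBKDF2 record on which a precomputed lookup cannot work. All function names, user names and sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a few well-known weak passwords.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]


def md5_hex(password: str) -> str:
    """Unsalted MD5, the weak storage scheme used in the abstract's example."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def audit_unsalted(stored: dict, candidates: list) -> dict:
    """Return {user: password} for each stored unsalted hash found in the list.

    One table of hash -> password serves every account, because without a
    salt equal passwords always produce equal hashes.
    """
    lookup = {md5_hex(p): p for p in candidates}
    return {user: lookup[h] for user, h in stored.items() if h in lookup}


def hash_salted(password: str, salt: bytes = None, iterations: int = 600_000):
    """Salted, iterated record: (salt, iterations, digest) via PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify_salted(password: str, record: tuple) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


# Constructed store: alice uses a common password, bob a long unique one.
STORE = {
    "alice": "e10adc3949ba59abbe56e057f20f883e",
    "bob": md5_hex("Tr4ctor-violet-harbor-91"),
}

if __name__ == "__main__":
    print("weak unsalted accounts:", audit_unsalted(STORE, COMMON_PASSWORDS))
    a = hash_salted("123456")
    b = hash_salted("123456")
    print("same password, same salted digest?", a[2] == b[2])
```

The salt removes the shared lookup table and the iteration count raises the cost of each guess, but a password that appears on a common-password list remains guessable, so rejecting such passwords at registration is still needed.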

Comments

Oral and Poster Presentation

Included in

Education Commons


Mighty Cracker Presentation
