[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] How I became a password cracker
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2013-03-25 7:54:58
Message-ID: alpine.DEB.2.02.1303250254470.15179 () infosecnews ! org
[Download RAW message or body]

http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/

By Nate Anderson
Ars Technica
Mar 24 2013

At the beginning of a sunny Monday morning earlier this month, I had never 
cracked a password. By the end of the day, I had cracked 8,000. Even though I 
knew password cracking was easy, I didn't know it was ridiculously easy—well, 
ridiculously easy once I overcame the urge to bash my laptop with a 
sledgehammer and finally figured out what I was doing.

My journey into the Dark-ish Side began during a chat with our security editor, 
Dan Goodin, who remarked in an offhand fashion that cracking passwords was 
approaching entry-level "script kiddie stuff." This got me thinking, 
because—though I understand password cracking conceptually—I can't hack my way 
out of the proverbial paper bag. I'm the very definition of a "script kiddie," 
someone who needs the simplified and automated tools created by others to mount 
attacks that he couldn't manage if left to his own devices. Sure, in a moment 
of poor decision-making in college, I once logged into port 25 of our school's 
unguarded e-mail server and faked a prank message to another student—but that 
was the extent of my black hat activities. If cracking passwords were truly a 
script kiddie activity, I was perfectly placed to test that assertion.

It sounded like an interesting challenge. Could I, using only free tools and 
the resources of the Internet, successfully:

Find a set of passwords to crack
Find a password cracker
Find a set of high-quality wordlists and
Get them all running on commodity laptop hardware in order to
Successfully crack at least one password
In less than a day of work?

[...]



______________________________________________
Attend #HITB2013AMS April 8th - 11th in Amsterdam.
Featuring over 42 international speakers and keynotes
by Bob Lord and Edward Schwartz http://conference.hitb.org

[prev in list] [next in list] [prev in thread] [next in thread]