In Linux, stored passwords cannot be decrypted, because they are not
really encrypted at all. The password is run through a one-way function
(there is no process that can be executed in reverse to reveal the password
in plain text) and only the output is kept. This scheme is called "hashing";
on Unix and Linux the traditional implementation is the crypt(3) routine.
A brute-force password crack does not reverse the hash. It guesses a
password, hashes the guess with the same algorithm (and the same salt) as
the stored hash, and compares the result with the stored value: a match
means the guess was the password. Brute-force engines are programs that try
word after word, often at high speed, on the theory that eventually one of
them will be the right word or phrase. That theory has been proven sound in
practice, mostly because of human laziness: users simply do not take care
to create strong passwords (words that do not occur in any dictionary, and
so on).
Users are rarely, if ever, educated about what makes a wise password. A
password that appears in a dictionary is extremely vulnerable to being
cracked, yet users are simply not coached on "safe" choices. Of those who
are, many think that because their password is not in /usr/dict/words it is
safe from cracking, although cracking wordlists are far larger than the
system dictionary and the engines also try common variations of each word.
Many users also say that because they keep no private files online they are
not concerned with the security of their account, not realising that the
account is an entry point to the system: once a malicious cracker is logged
in as them, damage can be wrought on the entire system.
In order to crack a password by brute force, one must first obtain it in
its hashed form. The stored hash is what the crack engine compares against
as it hashes word after word (random or, more usually, not so random). On
older Linux systems the hashed passwords sit in the second field of
/etc/passwd, a file that has to be world-readable because many programs
look up user names and IDs in it. Newer systems use a scheme called password
shadowing: the hashes are moved into /etc/shadow, which is readable only by
root (and, on some systems, a "shadow" group used by the login programs),
while the password field of /etc/passwd holds a placeholder such as "x". An
ordinary user therefore cannot get at the hashes to run an offline crack.
Shadowing only raises the bar, though: anyone who already has root, or who
obtains a copy of the file from a backup, can still feed it to a crack
engine.
After obtaining the passwd (or shadow) file, one extracts the user's hashed
password and puts it in a file where the engine will compare it with its
own hashed attempts until one matches and the crack succeeds. The engine
usually reads a dictionary file and hashes each word in turn, comparing as
it goes. This can be very time consuming on slower systems, which is what
makes hashed passwords somewhat secure: the cost of the attack is the cost
of one hash times the number of guesses. In the future, when processors run
at 500 GHz or so, a simple, fast hash will no longer be strong, because
twenty such machines clustered together will work through the same wordlist
in a far more timely manner.
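The hash-and-compare loop described above, written out as an added example
(this is not code from the original text, nor from any of the engines listed
below). It uses a SHA-256 based stand-in for crypt(3) that keeps the same
shape, a two-character salt in the clear followed by eleven characters of
one-way output, because Python's crypt module has been removed from current
releases; the DES algorithm itself is not reproduced. The passwd lines, user
names and wordlist are constructed for the example.

```python
import hashlib
import string

# The 64-character alphabet traditional crypt(3) uses for salts and output.
ALPHABET = "./" + string.digits + string.ascii_uppercase + string.ascii_lowercase


def toy_crypt(word, salt):
    """Stand-in for crypt(3) (ASSUMPTION: not the real DES algorithm).
    Same shape as a traditional hash: the 2-char salt in the clear, then 11
    characters derived one-way from salt + password. Python's crypt module
    is deprecated and removed in 3.13, so hashlib is used instead; the
    salt-and-compare workflow is what this example demonstrates."""
    if len(salt) != 2 or any(c not in ALPHABET for c in salt):
        raise ValueError("salt must be two characters from the crypt alphabet")
    digest = hashlib.sha256((salt + word).encode()).digest()
    return salt + "".join(ALPHABET[b % 64] for b in digest[:11])


def parse_entries(lines):
    """Yield (user, hash) from passwd- or shadow-format lines. Field 2 holds
    the hash on an unshadowed system; on a shadowed one it is just "x" (or
    "*" / "!" for locked accounts), so those entries yield nothing."""
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 2 or line.startswith("#"):
            continue
        user, field = fields[0], fields[1]
        if len(field) == 13 and all(c in ALPHABET for c in field):
            yield user, field


def salt_histogram(entries):
    """What `cut -c1-2 | sort | uniq -c` computes: hashes per salt value.
    Shared salts let one hash computation be checked against several
    accounts at once, which crack() below exploits."""
    counts = {}
    for _, h in entries:
        counts[h[:2]] = counts.get(h[:2], 0) + 1
    return counts


def crack(entries, wordlist):
    """Dictionary attack: for each salt, hash every candidate word once and
    compare it against all stored hashes that use that salt.
    Returns {user: password} for the accounts that fell."""
    by_salt = {}                               # salt -> {hash: [users]}
    for user, target in entries:
        by_salt.setdefault(target[:2], {}).setdefault(target, []).append(user)
    found = {}
    for salt, pending in by_salt.items():
        for word in wordlist:
            if not pending:
                break                          # every account with this salt is done
            for user in pending.pop(toy_crypt(word, salt), []):
                found[user] = word
    return found


# Constructed sample data, not taken from any real system.
WORDLIST = ["123456", "password", "letmein", "qwerty", "dragon", "secret"]

OLD_PASSWD = [  # pre-shadow layout: the hash sits in field 2 of /etc/passwd
    "root:" + toy_crypt("secret", "ab") + ":0:0:root:/root:/bin/sh",
    "alice:" + toy_crypt("letmein", "ab") + ":1000:1000:Alice:/home/alice:/bin/sh",
    "bob:" + toy_crypt("Tr0ub4dor&3", "7/") + ":1001:1001:Bob:/home/bob:/bin/sh",
]
NEW_PASSWD = [  # shadowed layout: nothing here to crack
    "root:x:0:0:root:/root:/bin/sh",
    "alice:x:1000:1000:Alice:/home/alice:/bin/sh",
]


def demo():
    """Run the attack against both layouts; returns (old_result, new_result)."""
    old = crack(parse_entries(OLD_PASSWD), WORDLIST)
    new = crack(parse_entries(NEW_PASSWD), WORDLIST)
    return old, new


if __name__ == "__main__":
    old, new = demo()
    print("salts in old-style passwd:", salt_histogram(parse_entries(OLD_PASSWD)))
    print("cracked from old-style passwd:", old)  # root and alice fall; bob is not in the wordlist
    print("cracked from shadowed passwd:", new)   # {}: the hashes live in /etc/shadow, root-only
```

Two things worth noticing when running it: bob survives not because his
salt differs but because his password is not in the wordlist, and the
shadowed file yields nothing at all, since "x" is not a hash. Grouping the
targets by salt means the engine computes one hash per word per salt rather
than one per word per account, which is exactly why a real engine will hash
a large wordlist faster against a file where many users happen to share a
salt.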
Brute-force engines:
CrackerJack by Jackal
Qcrack by the Crypt Keeper
John the Ripper by Solar Designer
Star Cracker by the Sorcerer
Killer Cracker by Doctor Dissector
Hellfire Cracker by the Racketeer and the Presence
Guess by Christian Beaumont
Linux passwd salts (the first two characters of each traditional crypt(3)
hash; they are stored in the clear so the same salt can be reused when
hashing a guess, and are not a cycle count). This counts how many hashes
share each salt:

  cut -d: -f2 /etc/passwd | cut -c1-2 | sort | uniq -c | more

On a shadowed system field 2 of /etc/passwd is only "x", so the same
pipeline has to be run as root against /etc/shadow instead.