RE: How many password cracking programs are there?

["Roger A. Grimes" <roger () banneretcs com>]

Last time I surveyed and tested each, I came up with 22 programs that
could or claim to do Windows logon password hacking. 

There are many categories: crackers, guessors, and resetters. Crackers
grab obscured data (i.e. password hashes, sniffs of network
challenge-response traffic, etc.) and attempt to convert to plaintext.
Guessors automate a remote logon process and put in the logon name and
potential password right into the GUI. Resetters (the most popular
type), just blank out or remove the previous password. The vast majority
of Windows password hacking tools are resetters (which have their use).

Best guessor in my opinion...Hydra (www.thc.org), with BrutusA2 as a
close second because of it's pretty GUI.

Best crackers in my opinion are:
LophtCrack is discontinued, but it was very fast with Windows password
hashes. There are some clones.

Cain (www.oxid.it) can crack and sniff all types of passwords. If you're
in computer security and you haven't tried this one, you need to. Slow
compared to the other two, but the prettiest, and most comprehensive.

John the Ripper is the fastest (next fastest on Windows hashes next to
Lophtcrack), but can do more than Windows password hashes. Not pretty,
but works on many platforms, and I know for sure that a popular company
will release a pretty GUI for it soon.

-----Original Message-----
From: winshel () camden rutgers edu [mailto:winshel () camden rutgers edu] 
Sent: Saturday, July 22, 2006 11:45 AM
To: security-basics () securityfocus com
Subject: How many password cracking programs are there?

This may seem like a silly question but, in many discussions of how
windows password cracking programs work, it seems that the same small
number of password cracking programs are mentioned (e.g., John the
Ripper,L0phtCrack,).

In order to understand how to protect a windows computer from password
cracking software, it would seem necessary to understand how the current
password cracking programs work.  But, aren't there lots and lots and
lots of password cracking programs?  There's tens of thousands of virus
programs - is there not a large number of password cracking programs?

Thanks.


------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has
designated Norwich University a center of Academic Excellence in
Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting
experience. 
Using interactive e-Learning technology, you can earn this esteemed
degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------