Security Basics mailing list archives

RE: Password Cracking; Re:


From: Simon Zuckerbraun <szucker () sst-pr-1 com>
Date: Thu, 09 Sep 2004 00:23:08 -0500

LC and John are password cracking tools.

What is a password cracking tool?

Rather amazingly, computers don't store passwords*. When you set a password, the computer uses the letters of the password to calculate a large number called a "hash". The computer then stores the hash and discards the actual password. Later on, when you enter your password to gain access, the computer calculates the hash again from the password you enter. If it matches the hash that was stored, the computer lets you in.

The purpose of this scheme is to make things tougher for any attacker who tries to steal your password by examining your hard drive. He won't find any password there, only a hash.

A password cracking tool is an automatic program that takes a hash and tries to figure out what the password is. This can be quite a difficult operation. It does this by automatically guessing very large numbers of possible passwords.

Simon

* Assuming proper security design :-)

-----Original Message-----
From: Prasanna M [mailto:PrasannaM () catsglobal co in]
Sent: Wednesday, September 08, 2004 2:16 AM
To: dcoletta12 () hotmail com
Cc: 'Simon Zuckerbraun '; 'rtfm () o2 ie'
Subject: Password Cracking; Re:


just what are LC & John? (am new to security domain, sry) :-D
Prasanna

-----Original Message-----
From: Simon Zuckerbraun

Sent: 9/5/2004 8:34 AM
Subject: RE: Password Cracking

If I understand correctly, LC is capable of doing what you're asking.

Simon

-----Original Message-----
From: Eoin Fleming [mailto:rtfm () o2 ie]
Sent: Friday, August 27, 2004 4:44 PM

Subject: Password Cracking


Bit of an unusual one -

Let's imagine you are a security administrator at a company - strong
passwords are enforced but you suspect that there may be exceptions and
you want to raise management awareness of breaches of the password
policy BUT you can't run cracking software as then you will know
individuals' passwords - which you don't want to know as this breaks
accountability rather nicely.

In short - is there software that can perform the function of LC and
John without giving the admin the password but rather rate the password
against a set criteria?

---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
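
Added example, not part of the original thread and not code from LC or John: a sketch of the store-and-compare hash scheme Simon describes, plus an audit in the spirit of Eoin's question that reports only which policy rule an account's password breaks and discards the matching guess. The function names, the PBKDF2 parameters, the users and the guess list are all assumptions constructed for illustration.

```python
import hashlib
import hmac

ITERATIONS = 1000  # assumption: kept low so the demo runs fast; real systems use far more

def make_hash(password: str, salt: bytes) -> bytes:
    """What the system stores instead of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def check_login(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the hash from the entered password and compare it to the stored one."""
    return hmac.compare_digest(make_hash(password, salt), stored)

def audit(accounts: dict, guesses: dict) -> dict:
    """Map each user to the policy rule their password breaks, or None.

    accounts: user -> (salt, stored_hash); guesses: candidate -> rule label.
    The matching candidate itself is never returned or printed.
    """
    report = {}
    for user, (salt, stored) in accounts.items():
        report[user] = None
        for candidate, rule in guesses.items():
            if check_login(candidate, salt, stored):
                report[user] = rule
                break
    return report

def build_sample_accounts() -> dict:
    # Constructed sample data: three made-up users with fixed salts.
    sample = {"alice": "summer", "bob": "Tr7!qPz#x2Lm", "carol": "12345678"}
    accounts = {}
    for i, (user, pw) in enumerate(sample.items()):
        salt = bytes([i + 1]) * 16
        accounts[user] = (salt, make_hash(pw, salt))
    return accounts

# Constructed guess list: candidate -> the policy rule it would violate.
GUESSES = {"summer": "dictionary word", "password": "dictionary word",
           "12345678": "digits only", "qwerty": "keyboard pattern"}

if __name__ == "__main__":
    for user, rule in audit(build_sample_accounts(), GUESSES).items():
        print(user, "->", rule or "no policy breach found")
```

The report hides the password only as far as the rule label does: a label that applies to a single guess identifies that guess to anyone holding the list.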

---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------

