Hi,
There are a few different approaches you can use and you've already mentioned a couple of them.
This is good for discovering the 'low hanging fruit', i.e. the weakest passwords in the stack. A good password cracker will also try variations of the dictionary list, e.g. changing case, adding a number to the end, etc.
- Brute force/Incremental attack
This method hashes all permutations of a given character set and compares this to the given hash. This can take a long time but will eventually discover the password given enough time. If the password is long and complex it may become infeasible.
A variation on the brute force attack. A rainbow table is a precomputed set of hashes as opposed to one created at the time of cracking. You simply take your hash and look it up in the table. If it's there you have your password.
Recommended tools:
John The Ripper - An excellent password cracker - http://www.openwall.com/john/
RainbowCrack - Rainbow table generator - http://www.antsight.com/zsl/rainbowcrack/
GData - Online MD5 cracker, I've not tested this one - http://gdataonline.com/seekhash.php
You should find plenty of documentation on the web, Google is your friend.
Jimbob
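
An added example, not part of the original post: a Python audit script that checks stored hashes against a precomputed table built from a wordlist with the case and trailing-digit variations described above, and shows that a per-user salt with a slow hash takes the same weak password out of reach of that table. The wordlist, account names and passwords are constructed, and the table is a plain hash lookup rather than a true chained rainbow table.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist for the audit (not from the original post).
WORDLIST = ["password", "letmein", "dragon"]

def variations(word):
    """Yield the simple variations the post mentions: case changes, trailing digit."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        for digit in range(10):
            yield f"{base}{digit}"

def build_lookup(words):
    """Precompute unsalted MD5 -> plaintext once, before any hash is audited."""
    return {hashlib.md5(c.encode()).hexdigest(): c
            for w in words for c in variations(w)}

def audit(stored, lookup):
    """Return {user: plaintext} for every stored hash present in the table."""
    return {user: lookup[h] for user, h in stored.items() if h in lookup}

def salted_hash(password, salt, iterations=100_000):
    """Per-user salted, deliberately slow hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def verify(password, salt, expected_hex):
    """Constant-time check of a login attempt against the salted hash."""
    return hmac.compare_digest(salted_hash(password, salt), expected_hex)

if __name__ == "__main__":
    table = build_lookup(WORDLIST)
    # Constructed account data: one weak password, one long passphrase.
    unsalted = {
        "alice": hashlib.md5(b"Password1").hexdigest(),
        "bob": hashlib.md5(b"correct horse battery staple").hexdigest(),
    }
    print("weak unsalted accounts:", audit(unsalted, table))
    salt = os.urandom(16)
    salted = {"alice": salted_hash("Password1", salt)}
    print("weak salted accounts:", audit(salted, table))
    print("login still verifies:", verify("Password1", salt, salted["alice"]))
```

Accounts flagged by `audit` are the ones to force a password reset on; an empty result for the salted store only means the precomputed table no longer applies, not that the password itself is strong.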