Hacking - The Art of Exploitation, 2nd Edition



0x760 Password Cracking


Passwords aren’t generally stored in plaintext form. A file containing all
the passwords in plaintext form would be far too attractive a target, so
instead, a one-way hash function is used. The best-known of these functions
is based on DES and is called crypt(), which is described in the manual
page shown below.

NAME
       crypt - password and data encryption

SYNOPSIS
       #define _XOPEN_SOURCE
       #include <unistd.h>

       char *crypt(const char *key, const char *salt);

DESCRIPTION
       crypt() is the password encryption function. It is based on the Data
       Encryption Standard algorithm with variations intended (among other
       things) to discourage use of hardware implementations of a key search.

       key is a user's typed password.

       salt is a two-character string chosen from the set [a-zA-Z0-9./]. This
       string is used to perturb the algorithm in one of 4096 different ways.

This is a one-way hash function that expects a plaintext password and a
salt value for input, and then outputs a hash with the salt value prepended
to it. This hash is mathematically irreversible, meaning that it is impossible to
determine the original password using only the hash. Writing a quick program
to experiment with this function will help clarify any confusion.

crypt_test.c


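#define _XOPEN_SOURCE
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>   /* exit() */

int main(int argc, char *argv[]) {
   char *hash;

   /* Both the plaintext password and the salt are required. */
   if(argc < 3) {
      printf("Usage: %s <plaintext password> <salt value>\n", argv[0]);
      exit(1);
   }
   /* crypt() returns the salt followed by the hash, or NULL on error. */
   hash = crypt(argv[1], argv[2]);
   if(hash == NULL) {
      perror("crypt");
      exit(1);
   }
   printf("password \"%s\" with salt \"%s\" ", argv[1], argv[2]);
   printf("hashes to ==> %s\n", hash);
}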

When this program is compiled, the crypt library needs to be linked.
This is shown in the following output, along with some test runs.
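
Added example, not from the book and separate from the output mentioned above: a parser for the stored format the man page describes, splitting the prepended two-character salt from the hash and decoding it to one of the 4096 values. The function name and sample strings are constructed; it assumes the traditional 13-character DES crypt() layout (2 salt + 11 hash characters) with the first salt character carrying the low 6 bits.

```c
#include <stdio.h>
#include <string.h>

/* The 64-character crypt alphabet in value order: '.'=0, '/'=1, 0-9, A-Z, a-z. */
static const char CRYPT_ALPHABET[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Map one character to its 6-bit value, or -1 if it is outside the set. */
static int crypt_char_value(char c) {
    const char *p = (c != '\0') ? strchr(CRYPT_ALPHABET, c) : NULL;
    return p ? (int)(p - CRYPT_ALPHABET) : -1;
}

/*
 * Hypothetical helper: split a traditional DES crypt() hash into its salt
 * and hash parts. Returns the salt as a number in 0..4095, or -1 if the
 * string is not a well-formed 13-character DES crypt hash.
 */
int parse_des_crypt(const char *stored, char salt[3], char digest[12]) {
    if (stored == NULL || strlen(stored) != 13)
        return -1;
    for (int i = 0; i < 13; i++)
        if (crypt_char_value(stored[i]) < 0)
            return -1;
    memcpy(salt, stored, 2);
    salt[2] = '\0';
    memcpy(digest, stored + 2, 11);
    digest[11] = '\0';
    /* 64 * 64 = 4096 salts: first character is the low 6 bits. */
    return crypt_char_value(salt[0]) | (crypt_char_value(salt[1]) << 6);
}

int main(void) {
    /* Constructed sample strings, not real password hashes. */
    const char *samples[] = { "ab0123456789A", "..0123456789A",
                              "zz0123456789A", "ab01234$6789A", "ab" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char salt[3], digest[12];
        int n = parse_des_crypt(samples[i], salt, digest);
        if (n < 0)
            printf("%-14s not a DES crypt hash\n", samples[i]);
        else
            printf("%-14s salt=\"%s\" (#%d of 4096) hash=\"%s\"\n",
                   samples[i], salt, n, digest);
    }
    return 0;
}
```

Because the salt travels with the hash, a login check can recompute crypt() on the typed password with the stored salt and compare the result to the stored string.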