426 0x700
Of course, there are downsides. First, it takes at least as long to create the
matrix as the original brute-force attack would have taken; however, this is a
one-time cost. Also, the salts still tend to prohibit any type of storage attack,
even with the reduced storage-space requirements.
The following two source code listings can be used to create a password
probability matrix and crack passwords with it. The first listing will generate a
matrix that can be used to crack all possible four-character passwords salted
with je. The second listing will use the generated matrix to actually do the
password cracking.ppm_gen.c
/*****\
- Password Probability Matrix File: ppm_gen.c
- Author: Jon Erickson [email protected] *
- Organization: Phiral Research Laboratories *
- This is the generate program for the PPM proof of *
- concept. It generates a file called 4char.ppm, which *
- contains information regarding all possible 4- *
- character passwords salted with 'je'. This file can *
- be used to quickly crack passwords found within this *
- keyspace with the corresponding ppm_crack.c program. *
- *****/
#define _XOPEN_SOURCE
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#define HEIGHT 16384
#define WIDTH 1129
#define DEPTH 8
#define SIZE HEIGHT WIDTH DEPTH
/ Map a single hash byte to an enumerated value. /
int enum_hashbyte(char a) {
int i, j;
i = (int)a;
if((i >= 46) && (i <= 57))
j = i - 46;
else if ((i >= 65) && (i <= 90))
j = i - 53;
else if ((i >= 97) && (i <= 122))
j = i - 59;
return j;
}
/ Map 3 hash bytes to an enumerated value. /
int enum_hashtriplet(char a, char b, char c) {