Coding Challenge "Password Cracker"

This challenge is to build your own version of John the Ripper or CrackStation. These are password cracking tools used to recover passwords, both by penetration testers and, of course, by bad guys.

We’re going to take a look at them because they provide an interesting way of learning several different things - you can pick and choose where you focus from the list:

🇦 How to implement cryptographic hash functions - you can build these by hand if learning how to code them interests you, otherwise you can use the ones available for your programming language.
🇧 How and why certain approaches to storing passwords are insecure so you have a better understanding of how to build a secure system and to securely store passwords for the systems that you develop.
🇨 How to build and optimise a computationally expensive piece of software.

The Challenge - Building A Password Cracker

The evolution of user authentication in multi-user systems has progressed from storing plaintext passwords, which were insecure, to using hashed passwords for improved security. However, with the growth in the number of users, the problem of weak passwords became apparent, as users tended to choose common and easily guessable passwords. Attackers exploited this by using techniques such as dictionary attacks and brute force attacks on hashes.

To address this, more complex hash functions and longer passwords with a mix of case, numbers, and symbols were introduced. However, attackers adapted by using rainbow tables, which are pre-computed tables of common passwords and their corresponding hashes. To counteract this, new algorithms and the technique of salting, adding unique random data to each password before hashing, were implemented.
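An added example, not part of the original post, of the storage weakness and the salting fix described above: unsalted fast hashes give identical digests for identical passwords, so one precomputed table exposes every matching account, while a per-account salt with a slow KDF makes the same table useless. The password list, the accounts and the iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a short common-password list and three accounts,
# two of which share the same weak password.
COMMON = ["123456", "password", "qwerty", "letmein"]
USERS = {"alice": "letmein", "bob": "letmein", "carol": "V9#tq!mZ2r@Lx"}
ITERATIONS = 200_000  # assumed work factor for the demo; tune for your hardware


def hash_unsalted(password):
    """Weak scheme: one fast SHA-256 digest, identical for identical passwords."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password, salt=None):
    """Hardened scheme: per-account random salt fed into PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(hash_salted(password, salt)[1], digest)


def exposed_accounts(stored_hex, table):
    """Accounts whose stored digest appears in a precomputed digest table."""
    return {user: table[h] for user, h in stored_hex.items() if h in table}


# A table of unsalted digests is computed once and works against every leak.
TABLE = {hash_unsalted(word): word for word in COMMON}
UNSALTED_DB = {user: hash_unsalted(pw) for user, pw in USERS.items()}
SALTED_DB = {user: hash_salted(pw) for user, pw in USERS.items()}

if __name__ == "__main__":
    print("unsalted hits:", exposed_accounts(UNSALTED_DB, TABLE))
    salted_hex = {user: digest.hex() for user, (_, digest) in SALTED_DB.items()}
    print("salted hits:  ", exposed_accounts(salted_hex, TABLE))
    print("alice == bob (unsalted):", UNSALTED_DB["alice"] == UNSALTED_DB["bob"])
    print("alice == bob (salted):  ", SALTED_DB["alice"][1] == SALTED_DB["bob"][1])
    print("login still works:", verify_salted("letmein", SALTED_DB["alice"]))
```

The salt only removes the benefit of precomputation and of shared digests; the iteration count is what raises the cost of each individual guess, so a weak password remains weak.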

The challenge at hand involves building a password cracker that incorporates these techniques to enhance security in the face of evolving attack methods.

Steps in comments below

A fast password cracker for Unix, macOS, Windows, DOS, BeOS, and OpenVMS