crack- Brute Force Password Cracking
Modern computers overwhelmingly use multi-core architectures. Exploiting this hardware for parallel programming (creating a program that executes simultaneously on more than one processor core) requires the use of multiple threads. We will use one of the most basic threading interfaces, Pthreads, to create a multi-threaded password cracking program.
In this lab, you will:
crypt_r()to guess password hashes
This is a solo assignment. Please do not collaborate with other students on this assignment.
crack <threads> <keysize> <target>
crack should attempt to find the password associated to the target DES hash.
It does this by trying all possible lowercase alphabetic (a-z) passwords of length
keysize. The program should run with
threads concurrent threads for
Linux/Unix user passwords are never stored on the system. Instead, a function called a hash is applied to the password. Then, the hashed password is stored, traditionally in /etc/passwd or more recently in /etc/shadow. The classic hash function on Unix systems is crypt(3). To make things harder on crackers, crypt also uses a two character string called a salt which it combines with the password to create the hash. Schematically:
password + salt => crypt() => hash
The salt is visible in the hash as the first two characters. As an example, a
'apple' and salt
'na' become the hash
The crack program should extract the salt from the first two characters of
target, then repeatedly call
crypt() using all possible passwords built of up to
keysize lowercase alphabetic characters. For example, if the given
four then your program would iterate over all strings
'aaaa', 'aaab', 'aaac', ..., 'zzzz'
looking for one that hashes to the given input. If a match is not found, it would also look through
all strings of length less than
When a match to
target is found, the program should print the cracked password
and exit immediately. If the entire space of passwords is searched with no
match, the program should exit with no output.
Start by writing a short program that uses
crypt() to encrypt a
given password and salt. You can also encrypt using
the one line perl command:
perl -e 'print crypt("apple","na")'
Don't forget to compile with the -lpthread and -lcrypt options.
The maximum allowed keysize is 8 (since crypt only uses the first 8 characters of the password anyway).
You might want to write this first as a single threaded program. Just remember
crypt() won't work with multiple threads - you need to switch to
You need to check passwords of length
keysize, but don't forget you also need
to check the shorter ones. The simplest way is probably to write a function that
checks all passwords which are exactly a given length, and then have main call
it in a loop from 1 to
timecommand to measure how long your program takes to search the entire space of five-letter passwords. Hash '
Create a .tgz archive of your lab directory and email it to
Your submission must include a makefile
that will compile your program by simply issuing the command
make. You must also include a text file with your
answers to the required exercises. Please include your name and the names of
any partners in the body of your email.
The simple syntax for creating a .tgz archive is as follows:
tar -zvcf new_archive.tgz lab_directory
The syntax for unpacking a .tgz archive is:
tar -zvxf archive.tgz
Note that your archive must not include any binary executable files, meaning any compiled programs or intermediate build objects (.o files, for example). This will cause your email to be rejected by most services.