Friday, 27 May 2011

PasswordsPro - Welcome to the mysterious world of hashes!

Many know that hashes are encoded passwords. Using hashes greatly increases the safety of password storage, for example in forums, databases, etc. Let's assume a forum administrator has the password "admin12345", which is stored in the forum database. How is the user authenticated on the forum? The input password is compared with "admin12345". If they match, the administrator may enter the forum. This seems to work fine, but if someone unauthorized gets access to the database, they see the plaintext password and can easily log in as administrator. Here hashes come to the rescue. For instance, the MD5 hash for the password "admin12345" will look like "7488e331b8b64e5794da3fa4eb10ad5d", and that is exactly what we store in our database, not the password itself. During user authentication the input password is converted to a hash and compared with the hash stored in the database; if the two match, the input password is correct and the login succeeds.

But what if we need to perform the reverse action and try to restore the password from its hash? It is impossible to do that directly, as any hashing algorithm calculates a checksum of the password. This process involves irreversible mathematical operations such as the logical operation AND. For example, even knowing Y and Z we can never find the exact X from the equation "X AND Y = Z" (all we can do is calculate the range of possible X values satisfying the equation).

So if we need to find the password for a certain hash, the only way is to generate hashes for different passwords and compare them with the source hash. If they match, the source password has been found, since the possibility of a collision (i.e. another password whose hash matches our source hash) is very low: for example, it is 1 / 2^128 in the case of MD5 hashing.
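The storage and comparison scheme described above, next to a hardened alternative, as an added example that is not part of the original post or of PasswordsPro. The function names, the sample accounts and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware

def md5_hex(password: str) -> str:
    """Unsalted MD5 as in the scheme described above (fast, no salt)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def verify_md5(stored_hex: str, candidate: str) -> bool:
    """Login check: hash the input and compare it with the stored hash."""
    return hmac.compare_digest(stored_hex, md5_hex(candidate))

def audit_weak(stored: dict, denylist: list) -> dict:
    """Hash each denylisted password once and flag every account that matches.
    One hash per guess covers all users because the scheme has no salt."""
    lookup = {md5_hex(word): word for word in denylist}
    return {user: lookup[h] for user, h in stored.items() if h in lookup}

def hash_hardened(password: str, salt: bytes = None) -> tuple:
    """Salted PBKDF2-HMAC-SHA256: per-user salt, deliberately slow."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_hardened(candidate: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_hardened(candidate, salt)[1], digest)

if __name__ == "__main__":
    # Constructed sample database: two users share the same weak password.
    db = {u: md5_hex(p) for u, p in
          [("alice", "admin12345"), ("bob", "t7#Qz!mV2r"), ("carol", "admin12345")]}
    print(audit_weak(db, ["123456", "password", "admin12345"]))
    print(db["alice"] == db["carol"])  # identical hashes reveal password reuse
    a, c = hash_hardened("admin12345"), hash_hardened("admin12345")
    print(a[1] == c[1], verify_hardened("admin12345", *a))
```

With a per-user salt the same password no longer produces the same stored value, so a single precomputed lookup stops covering every account, and the iteration count raises the cost of each guess.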

Here PasswordsPro comes in handy - it is a professional tool for checking passwords and recovering passwords from hashes. Its main purpose is to recover your forgotten password when you have only a hash, or to check passwords for crack-resistance.

This unique program supports about 40 types of hashes, and any new type can easily be added by writing your own DLL hashing module.

Built-in types of hashes: MySQL, MySQL5, DES(Unix), MD4, MD4(HMAC), MD5, MD5(HMAC), MD5(Unix), MD5(APR), SHA-1, SHA-1(HMAC), SHA-256, SHA-384, SHA-512, Domain Cached Credentials, Haval-128, Haval-160, Haval-192, Haval-224, Haval-256 and others. The program also supports many complex hashes like md5($pass.$salt), md5($salt.$pass), md5(md5($pass)), etc. Third-party developers have already written modules for PasswordsPro for such types of hashes as MD2, Oracle DES, MS SQL and many others, including hashes that no other program in the world works with except PasswordsPro!

The program uses the following methods to recover passwords:

- Preliminary attack;
- Brute-force attack (including distributed attack);
- Mask attack;
- Simple dictionary attack;
- Combined dictionary attack;
- Hybrid dictionary attack;
- Pre-calculated Rainbow-table attack.

PasswordsPro also has the following features:

- Recovery of the passwords up to 127-symbol length;
- Recovery of the passwords for incomplete hashes of any type;
- Editing of users' hashes;
- Search of users' list for required data;
- Quick addition of hash through dialog box;
- Quick check of current password for all hashes in the list;
- Unlimited number of dictionaries used for dictionary attack;
- Unlimited number of tables used for Rainbow-table attack.

An important feature of PasswordsPro is its friendly interface - all hash manipulations are made with literally a couple of clicks, which makes password checking very convenient, visual and effective.

Another significant advantage of the program is that it works with Rainbow tables for any hashing algorithm. These tables can be generated with the RTGEN utility, version 1.2 or later. That is, you can generate tables for the SHA-512 algorithm, and PasswordsPro will immediately start working with them.

If you still can't find the password for your hash, you can always get help at the PasswordsPro forum.

The program has Shareware status and is distributed as a Demo version with a single limitation - the number of hashes that can be imported for checking is 1, while the licensed version doesn't limit this number.
