Crack (software)
Crack is a Unix password cracking program designed to allow system administrators to locate users who may have weak passwords vulnerable to a dictionary attack.
Crack began in 1990 when Alec Muffett, a Unix system administrator at the University of Wales, Aberystwyth, was trying to improve Dan Farmer's 'pwc' cracker in COPS and found that by re-engineering its memory management he got a noticeable performance increase. This led to a total rewrite which became "Crack v2.0" and further development to improve usability.
Public releases
The first public release of Crack was version 2.7a, which was posted to the Usenet newsgroups alt.sources and alt.security on 15 July 1991. Crack v3.2a+fcrypt, posted to comp.sources.misc on 23 August 1991, introduced an optimised version of the Unix crypt function but was still only really a faster version of what was already available in other packages.
The release of Crack v4.0a on 3 November 1991, however, introduced several new features that made it a formidable tool in the system administrator's arsenal.
- Programmable dictionary generator
- Network distributed password cracking
Crack v5.0a, released in 2000, did not introduce any new features, but instead concentrated on improving the code and introducing more flexibility, such as the ability to integrate other crypt variants such as those needed to attack the MD5 password hashes used on more modern Unix and Linux systems. It also bundled Crack v6, a minimalist password cracker, and Crack v7, a brute force password cracker.
Programmable dictionary generator
While traditional password cracking tools simply fed a pre-existing dictionary of words through the crypt function, Crack v4.0a introduced the ability to apply rules to this word list to generate modified versions of these word lists.
These could range from the simple (do not change) to the extremely complex; the documentation gives this as an example:
- X<8l/i/olsi1so0$=
- Reject the word unless it is less than 8 characters long, lowercase the word, reject it if it does not contain both the letter 'i' and the letter 'o', replace every 'i' with '1', replace every 'o' with '0', and append an '=' sign.
These rules could also process the GECOS field in the password file, allowing the program to use the stored names of the users in addition to the existing word lists.
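The rule described above can be traced with a small interpreter, used here the way a proactive password check would use it: to tell whether a proposed password is derivable from a word list or from the user's GECOS name. This is an added example, not Crack's own code; it handles only the operators the explanation above names, omits the rule's leading "X" (which the explanation does not describe), uses an empty rule as a stand-in for "do not change", and its passwd line, word list and function names are constructed for illustration.

```python
# Added example, not Crack's code. Only the operators the page explains are handled.
RULE = "<8l/i/olsi1so0$="   # the page's rule without its leading "X" (assumption)
NO_CHANGE = ""              # stand-in for the "do not change" rule (assumption)
# Constructed passwd entry; the fifth field (index 4) is the GECOS field.
PASSWD_LINE = "vmoss:x:1001:1001:Violet Moss,Room 12,555-0100:/home/vmoss:/bin/sh"

def apply_rule(rule, word):
    """Apply one rule to one word; return the result, or None if rejected."""
    i = 0
    while i < len(rule):
        op = rule[i]
        if op == "<":                      # reject unless shorter than N
            if len(word) >= int(rule[i + 1]):
                return None
            i += 2
        elif op == "l":                    # lowercase the word
            word = word.lower()
            i += 1
        elif op == "/":                    # reject unless it contains the char
            if rule[i + 1] not in word:
                return None
            i += 2
        elif op == "s":                    # substitute every X with Y
            word = word.replace(rule[i + 1], rule[i + 2])
            i += 3
        elif op == "$":                    # append a character
            word += rule[i + 1]
            i += 2
        else:
            raise ValueError(f"operator {op!r} not covered by this example")
    return word

def gecos_names(passwd_line):
    """Words of the real-name subfield of the GECOS field."""
    gecos = passwd_line.rstrip("\n").split(":")[4]
    return gecos.split(",")[0].split()

def derivation(candidate, passwd_line, wordlist, rules):
    """Return (base word, rule) if a proposed password is derivable, else None."""
    for word in list(wordlist) + gecos_names(passwd_line):
        for rule in rules:
            if apply_rule(rule, word) == candidate:
                return word, rule
    return None

if __name__ == "__main__":
    for proposed in ("v10let=", "Moss", "kX9#tq2!vLw"):
        print(proposed, "->", derivation(proposed, PASSWD_LINE, ["orbit"], [NO_CHANGE, RULE]))
```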
Network distributed password cracking
As password cracking is inherently embarrassingly parallel, Crack v4.0a introduced the ability to use a network of heterogeneous workstations connected by a shared filesystem as parts of a distributed password cracking effort.
All that was required for this was to provide Crack with a configuration file containing the machine names, processing power rates and flags required to build Crack on those machines and call it with the -network option.