Cracking and Cryptography

Now this is a really killer category. I would not want to be one of those who do cracking and cryptography, because they are time consuming hobbies. Also what’s with the math stuff in cryptography? I though that security should be fun’n'easy .

Ok, you’re new to this stuff and don’t know where to get started? Here’s a list of links from wikipedia that could help you:

• Cryptography
• Password Cracking
• Encryption
• Block ciphers
• Stream ciphers

And now for some little scary tools that will haunt you all your life >|

Toolbox

• John the Ripper – John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
• MDCrack – MDCrack is a free featureful password cracker designed to bruteforce several commonly used hash algorithms at a very aggressive speed rate. It can retrieve any password made of up to 16 characters and allowing up to 55 characters with an additionnal user salt. In order to achieve the highest possible speed rate, this program uses several cores for each algorithm it supports. Each one of these cores provides a different level of optimization dynamically selected at run time to best adapt with changing candidates length. To date, this program supports bruteforce attacks for 21 algorithms: MD2, MD4, MD5, HMAC-MD4, HMAC-MD5, FreeBSD, Apache, NTLMv1, IOS and PIX (both enable and user) hashes, Invision Power Board 2.x (IPB2), MD4MD4, MD4MD4S, MD5MD5, MD5MD5S, PHP, PHPS, CRC32, CRC32B, ADLER32 the list of algorithms is growing up.
• Cain and Abel – Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
• Ophcrack – Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux.
• fgdump – Fgdump is basically a utility for dumping passwords on Windows NT/2000/XP/2003/Vista machines. It has all the functionality of pwdump in-built and can also do a number of other neat things also like grabbing cached credentials, executing a remote executable and dump the protected storage on a remote, (or local), host. Users of pwdump are advised to upgrade to this as soon as possible.

Another finished resource page, and hopefully another useful page for all those out there interested in this topic, and which keep the cryptography sceene alive ;)