In this assignment, you are to implement the dictionary attack we have discussed in the lectures. You are given a list of hashed salted passwords (the file [login to view URL] described below), and your task is to find the password that corresponds to each hash. The hashes are computed using the Linux crypt(3) function. As discussed in the lectures, crypt supports different hash functions to compute the password hashes. In this assignment, all the passwords are hashed using MD5, and each hash value is 128 bits long. The hashes are encoded in a base-64 encoding as explained in the lectures.
You do not need to understand the details of how crypt and MD5 work. You will be using an open-source implementation of the crypt function, which is part of the Apache Commons Codec (see the 'Technical Specification' section).
There will be a time limit set for computing the passwords, so for the scope of this assignment, it is not feasible to find the passwords using brute force. Instead, you are to guess the passwords using a 'dictionary', which contains a list of commonly used passwords and selected words from an English dictionary. This dictionary (the file [login to view URL] described below) is provided to you, and you must use only the provided dictionary to implement your attack.
Some, but not all, hashes in [login to view URL] are computed from selected words from the dictionary. For the rest of the hashes, the passwords are generated from the dictionary following certain common patterns for generating passwords. Recent leaked password lists resulting from several hacks on commercial servers show recurring patterns of passwords. For example, here is a non-exhaustive list of patterns found in those leaked passwords:
Numeric prefix or suffix: A large number of passwords are obtained by simply appending or prepending some numeric constants to a dictionary word. For example, leaked passwords from the LinkedIn hack contain passwords of this pattern, such as 'march31' and '19link'.
Character substitution: One or more characters in a password are substituted by similar-looking characters. One very common substitution is based on the so-called 'leetspeak', which substitutes letters with similar-looking numbers. For example, 'e' is replaced by '3', 'i' is replaced by '1', 'o' is replaced by '0', 's' is replaced by '5', 't' is replaced by '7', etc. So from a dictionary word such as 'password' one could generate 'passw0rd' (which is one of the frequently used passwords), and from 'linkedin' one can generate 'l1nked1n', etc.
Combination of words: This combines two or more words from a dictionary. For example, 'gohome' is obtained by combining the dictionary words 'go' and 'home'.
To crack all the hashes in [login to view URL], you need to consider these and other kinds of transformations.
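The three patterns above are also what a password-change screen should reject. The following is an added example, not part of the assignment or its provided code: it reduces a candidate password back to dictionary words and reports which pattern matched. The wordlist `DICTIONARY` and the function names are assumptions made for illustration.

```python
import string

# Constructed sample wordlist (assumption): stands in for the dictionary a site screens against.
DICTIONARY = {"password", "linkedin", "march", "link", "go", "home"}

# The substitutions named in the text, inverted (digit back to letter).
UNLEET = str.maketrans("31057", "eiost")

def is_concatenation(s, words):
    """True if s splits entirely into two or more dictionary words."""
    n = len(s)
    reachable = [True] + [False] * n  # reachable[i]: s[:i] is a sequence of words
    for i in range(1, n + 1):
        # Skip the slice (0, n) so that a single whole word does not count.
        reachable[i] = any(reachable[j] and s[j:i] in words
                           for j in range(i) if (j, i) != (0, n))
    return n > 0 and reachable[n]

def weak_reasons(candidate, words=DICTIONARY):
    """Return the patterns that reduce candidate to dictionary words ([] if none)."""
    pw = candidate.lower()
    core = pw.strip(string.digits)  # drop a numeric prefix and/or suffix
    bases = [(pw, [])]
    if core and core != pw:
        bases.append((core, ["numeric prefix or suffix"]))
    for base, tags in bases:
        forms = [(base, tags)]
        plain = base.translate(UNLEET)
        if plain != base:
            forms.append((plain, tags + ["character substitution"]))
        for form, found in forms:
            if form in words:
                return found or ["dictionary word"]
            if is_concatenation(form, words):
                return found + ["combination of words"]
    return []

if __name__ == "__main__":
    # Constructed candidates: the examples from the text plus one unrelated string.
    for pw in ["march31", "19link", "passw0rd", "l1nked1n", "gohome",
               "Passw0rd1", "xk9#vtq2ml"]:
        print(f"{pw:12} {weak_reasons(pw) or 'no match'}")
```

A non-empty result means the candidate should be refused at password-set time, since it is reachable from the wordlist by exactly the transformations described above.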
Hi. I'm an advanced developer. I also have good data structure and algorithms knowledge. I have read your requirement details and I'm very confident I can handle it. I'm a serious bidder, please check my profile. I will surely satisfy you in this project. Thank you.