Hi,

I've been experimenting a little with dictionary attacks against password hashes.

It turned out that Python is plenty fast for this task, if you use precomputed hash databases. I used a few rather large dictionary files (most of the words of the English language, and most of the words of the Dutch language including derived forms) for a total of almost 600,000 precomputed hashes. With that the program can "crack" 10,000 password hashes in under a second on my 3-year-old PC.

I've also used a list of 600 'most commonly used' passwords that I gathered from a few sources. That list is used to generate a couple of variations, such as prefixing them with a digit, or typing the word in uppercase, etc. I did this to be able to quickly scan for the most common passwords, but it turned out that using all of the 600,000 precomputed hashes isn't much slower for the experiments that I did.
The variations however increase the hit rate because words like "Jennifer9" are not in a normal dictionary file. This one however *is* part of the 'most common' list.
So if that is your password, go change it right now ;-)


I thought the code I wrote might interest other people as well, so I share it here:
(It should run on Python 2.6 and up, including Python 3.x.)

Download:
http://www.razorvine.net/download/dictionary_attack/

Or by Subversion:
svn://svn.razorvine.net/Various/PythonStuff/trunk/dictionaryattack


Have fun,
Irmen de Jong
-- 
http://mail.python.org/mailman/listinfo/python-list
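
Added example, not part of the original post or its downloadable code: the precomputed-table idea described above used defensively, to audit unsalted hashes and block weak passwords at set time, with salted PBKDF2 storage as the mitigation. The sample word list, the choice of SHA-1, the capitalised and digit-suffix variations, and all function names are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample list; the post's 600-word list is not reproduced here.
COMMON = ["jennifer", "password", "letmein"]

def variations(word):
    """Digit prefix and uppercase are the variations the post names; the
    capitalised form and digit suffix are assumptions added for this example."""
    forms = {word, word.upper(), word.capitalize()}
    out = set(forms)
    for form in forms:
        for digit in "0123456789":
            out.update((digit + form, form + digit))
    return out

def build_table(words):
    """Precompute unsalted SHA-1 digest -> plaintext (SHA-1 is an assumption)."""
    return {hashlib.sha1(v.encode()).hexdigest(): v
            for w in words for v in variations(w)}

def audit(stored, table):
    """Return {user: recovered password} for unsalted hashes present in the table."""
    return {user: table[h] for user, h in stored.items() if h in table}

def is_blocklisted(candidate, table):
    """Password-set-time check: refuse anything the table would later find."""
    return hashlib.sha1(candidate.encode()).hexdigest() in table

def salted_hash(password, salt=None, rounds=100_000):
    """Per-user random salt plus PBKDF2, so one precomputed table cannot be reused."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt.hex() + "$" + dk.hex()

def verify(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex = stored.split("$", 1)[0]
    return hmac.compare_digest(salted_hash(password, bytes.fromhex(salt_hex)), stored)

if __name__ == "__main__":
    table = build_table(COMMON)
    stored = {"alice": hashlib.sha1(b"Jennifer9").hexdigest()}  # constructed
    print(audit(stored, table), is_blocklisted("Jennifer9", table))
```

The same password stored twice with `salted_hash` yields two different records, which is why a single precomputed table stops paying off once hashes are salted per user.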