README for Password Cracking RepositoryBy: Trevor KroegerPython 2.7.5.USE THESE FILES RESPONSIBLY. CRACKING PASSWORDS IS ILLEGAL AND USE OF THESEFILES/PROGRAMS IS NOT INTENDED.This is my first substantial exercise in python programming.Description:This is a password cracking exercise preformed for a course InformationSecurity & Privacy. The idea is to use a dictionary attack against the leakedpassword files to determine what password was used. The leaked lists areprovided without the username association.Process Used for Determining Plaintext:For the plain text within the yahoo.txt I extracted it from the file using apython program to get it into the format needed for submission for theassignment.I did consider a brute force tactic for decoding passwords with less than 6characters and did implement such a program to learn some python programminghowever I did realize how inefficient this process was and abandoned theprocess very quickly.To determine the plain text of the two hashed lists I decided to perform adictionary attack.
I downloaded the rockyou.txt list of passwords to performthis method. I take thehashed passwords from the.txt files and load them into a set. Then I computethe hashes of each of the lines of the lines in my word list and see if theyare in the set of hashed passwords. Also when decoding eharmony file I foundhelp with it online.This site did a pipal analysis of the passwords which told me that all of thepasswords were uppercase and some fun facts about different things amongst thepassword set such as the percentage that was stringdigit, digitstring, or allstring.
Pwdump
This proved to be crucial for decoding the passwords as none of mydictionary words were in uppercase. It’s another thing to keep in mind if I amtrying to crack other passwords.For the formspring passwords I preformed the same type of process however I hadto add code to perform the salting before each of the passwords.
I appendedvalues from 00 to 99 to the beginning of the plaintext password and followedthe same process that I used for the eharmony passwords. Salting definitelymade this password list harder for me to determine and it has taken a lot moretime to determine more of the passwords from the list. If we hadn’t been giventhe information about the salt I’m not sure I would’ve guessed it on my own andI would’ve maybe got a few passwords on my own but nowhere near the amount thatI did get when given that information. Salting seems to be very beneficial if itcan be done appropriately.
I should note that I didn’t include the Salt valuesin my print out, which I realize I should have otherwise you cannot get to thepassword readily. You have to rehash and look for the correct salt. I wasfollowing the format for submission with a space separating the encodedpassword, the plaintext password and the file from which the password was from.Next Steps:If I were to continue the exercise to determine even more of the plaintextpasswords I think that my first step would be to expand my dictionary of words.There were several other lists online that could’ve been added to my list. Ialso could have started to combine words in the list to create new patternsto check against. I could’ve also started to preform alpha numeric or symbolicreplacement (i.e. Replacing the letter L with 1 or replacing S with $). Alsoadding a numerical value to the beginning or end of the passwords would’vebeen helpful due to the fact that the pipal analysis of the eharmonypasswords showed that a majority of them are digit-string or string-digitpasswords.
If I was to continue to crack passwords on a large level I couldcreate a comprehensive rainbow table for the hashes. I could compute millionsof hashes and keep the result to check against later. The advantage associatedwith this that you no longer have to compute the hashes you just have to lookat the provided hash and determine if it is in memory.The following are the files needed to crack each of the different password files:YAHOO: Plaintext Passwordsyahoo.txt.
. If you have received a match that is outside your current Match Preferences, this is most likely a Flex Match.
Flex matches are created when anything other than “Very Important” is selected under. Date Updated:. Forgot your password?
Click here and follow our simple instructions to set up a new password. Please note - the email address and postal code must match what is on your account in order. Date Updated:. eharmony works hard to identify and close individuals who misrepresent who they are on our site, and we take our members complaints seriously. If you have concerns about a particular match. Date Updated:.
The 'Who's Online' indicator is a great way to see which of your matches have been the most active on eHarmony lately - and therefore might be most likely to respond to communication! Date Updated:. Purchased Subscription on the Web You can turn off your account's automatic renewal feature and by doing so, your subscription will expire at the end of its term.
Keep in mind that once your. Date Updated:. Adobe premiere pro title templates free download. We allow you to 'Hide' the matches you don't wish to communicate with. Hiding matches allows you to file away matches you're not as interested in but still keeps your options open - you can still. Date Updated:.
The most common reason for account closure is an apparent or alleged violation of eHarmony's Terms and Conditions. Such violations include, but are not limited to: Misrepresentation of personal. Date Updated:. What If? Is a feature that allows you to see some additional eHarmony members beyond the ones you'd normally see as your Matches. To use What If?
You must be a Subscriber. By choosing to Send a. Date Updated:. Our Relationship Questionnaire, based on 35 years of clinical research, is meant to be taken only once. However, we understand that people's personal goals, interests, and desires can change over. Date Updated:. At eHarmony, our goal is to help you find a great relationship, which means we want to give you lots of opportunities to be smitten! With that in mind, we strive to provide new matches each day.
Date Updated.