[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [vile] Some questions about the -k/-K options and encryption
From: |
Chris Green |
Subject: |
Re: [vile] Some questions about the -k/-K options and encryption |
Date: |
Thu, 15 Jan 2015 15:00:06 +0000 |
User-agent: |
Mutt/1.5.23 (2014-03-12) |
Well, just in case it's of any interest to anyone else here, I've done
some trials with unixcrypt-breaker, the results have made me feel
fairly happy about using crypt().
Nearly all my encrypted files hold things like passwords to web sites,
Microsoft Keys (for software), mobile numbers, etc. Thus they don't
have much plain text and they do have quite a lot of essentially
random sequences of numbers and letters.
First I tried it on this file (details removed here of course):-
Yleadership.org web site - WordPress
====================================
Full installation path: /home/yleadj/public_html
Public URL: http://yleadership.com/
Admin URL: http://yleadership.com/wp-admin/
Username: XXXXXXXXXXXX
Password: sXXXXXXXXXXX
Username: xxxxxxxxxxxx
Password: xxxxxxxxxxxx
MySQL database: xxxxxxxxxxxx
MySQL user: xxxxxxxxxxxx
cPanel and ssh access
=====================
You access cpanel from: https://infedaa1.miniserver.com:2083/
The username is: xxxxxxxxxxxx
The password is: xxxxxxxxxxxx
ssh login to infedaa1.miniserver.com, user xxxxxx, password as above
PayPal Business account
=======================
For preconfigured shopping carts: Copy and paste the API username,
password and>
For building custom shopping carts: Store the following credential
information >
Credential API Signature
API Username XXXXXXXXXXXXXXj
API Password XXXXXXXXXXXXXXj
Signature XXXXXXXXXXXXXXj
Request Date 7 May 2014 15:09:45 BST
I just gave it the text from a couple of similar files for the stats
text, total failure, the 'guess' it returned was just random.
Next I tried some older files comprising the following:-
bsnet - URLs and passwords etc.
bt - some BT URLs and passwords
dte - similar for a site where I did some work
gradwell - hostnames, passwords, etc. for an old ISP
logins - various usernames and logins
databases - database names and passwords on my desktop machine
I created stats text files from the plain text of *all* the above
files and then tried using that to crack one of my current files
containing URLs, passwords, etc.
Here's the result:-
s t k crad
= == ======
Ma n siser p 3 s t. . / t unt egicgr ost onc
cls dtppor
ht l albil ing tssh s .cooup/
co ack P Ma b ae ass d
b zmitso
isbd.net accou in etilstesntccountt
my5thps: ssl.gr dl o sgo k/womeem ss ) is do t
B
tacl en
raesh
n he .grndtost oo et
user ames s thit/w betteri adoringin alila. ot romor nase
p Some address@hidden hamesse2 d o nned o u itsl w b a ewrr baes
s rarosit.avi l Adml tb u trn tr th st t icount bote e
f nd tict. t n e wo-dec m t o i ccount2.no l n aid 0 ml u em
sbd f ove.u C R T op .mome- -d b sw2 d tprnel
i a ww neeswo-dec . om nelccai pp/t r db l rim elscn st ww.
sa n
e s b C 3
Be s , o
ssh w wo ne to-d.c ne iy
w w. inetto-dec ce.com s enc.ner ee /w. - erz n .uk
l t to e
It has guessed right at a couple of things which, presumably appear
quite frequently in the files used for creating the stats, like 'ssh'
and 'isbd.net' but there's nothing remotely resembling any of the
important information stored in the files.
So, as I said, I'm not too worried about using crypt. The cracking
algorithms rely on there being sequences of characters which are easy
to guess, i.e. words, and my files just don't have many of them!
Enough noise for now, I doubt anyone is desperately interested n all
this! :-)
--
Chris Green
- [vile] Some questions about the -k/-K options and encryption, Chris Green, 2015/01/13
- Re: [vile] Some questions about the -k/-K options and encryption, Thomas Dickey, 2015/01/13
- Re: [vile] Some questions about the -k/-K options and encryption, Chris Green, 2015/01/14
- Re: [vile] Some questions about the -k/-K options and encryption, Paul Fox, 2015/01/14
- Re: [vile] Some questions about the -k/-K options and encryption, Chris Green, 2015/01/14
- Re: [vile] Some questions about the -k/-K options and encryption, Thomas Dickey, 2015/01/14
- Re: [vile] Some questions about the -k/-K options and encryption, Chris Green, 2015/01/15
- Re: [vile] Some questions about the -k/-K options and encryption, Thomas Dickey, 2015/01/15
- Re: [vile] Some questions about the -k/-K options and encryption, Chris Green, 2015/01/15
- Re: [vile] Some questions about the -k/-K options and encryption,
Chris Green <=