http://www.articlearmies.com Articles posted by Alexander Poluektov. en-us Copyright (c) 2005 ArticleTime.com http://www.articlearmies.com/articles/Technology/passwordspro--welcome-to-mysterious-world-of-hashes.html Many know that hashes are encoded passwords. Using hashes greatly increases safety of passwords storage, for example, in the forums, databases, etc. Let's assume, forum administrator has password "admin12345" which is certainly stored in the forum database. What is to be done to authenticate user on the forum? Input password shall be compared with "admin12345". If they match, administrator may enter the forum. It seems working great, but what if someone unautorized gets access to database and sees open password and can easily log in as administrator. Here hashes come to rescue. For instance, MD5-hash for "admin12345" password will look like "7488e331b8b64e5794da3fa4eb10ad5d" and it's exactly what we store in our database, not a password itself. During user authentication input password is converted to hash to compare with the hash stored in the database - if these two match that means input password is correct and logging on is successful. But what if we need to perform reverse action - to try to restore password from hash? It's impossible to do that directly, as any hashing algorithm is password's checksum calculation. This process involves irreversible mathematical operations like logical operation AND, etc. For example, even knowing Y and Z we can never find exact X from "X AND Y = Z" equation (all we can do is calculation of range of possible X values satisfying the equation). So if we need to find password for certain hash there's the only way to generate hashes for different passwords and then compare hashes we got with source one. If they match, it means exactly the source password is found as possibility of collision (i.e. another password which has hash matching our source hash) is very low - for example, it is (1 / 2128) in case of MD5-hashing. Here PasswordsPro comes in handy - it is a professional tool for passwords check and recovery of passwords for hashes. It's main purpose is to recover your forgotten password when you have only one hash, or check passwords for crack-resistance. This unique program supports about 40 types of hashes, and any new type can easily be added through writing your own DLL-hashing module. Built-in types of hashes: Supported types of hashes: MySQL, MySQL5, DES(Unix), MD4, MD4(HMAC), MD5, MD5(HMAC), MD5(Unix), MD5(APR), SHA-1, SHA-1(HMAC), SHA-256, SHA-384, SHA-512, Domain Cached Credentials, Haval-128, Haval-160, Haval-192, Haval-224, Haval-256 and others. The program also supports many complex hashes like md5($pass.$salt), md5($salt.$pass), md5(md5($pass)), etc. Third-party developers had already written modules for PasswordsPro for such types of hashes as MD2, Oracle DES, MS SQL and many others, including hashes no one else program in the world works but PasswordsPro! Program uses the following methods to recover passwords: Preliminary attack; Brute-force attack (including distributed attack); Mask attack; Simple dictionary attack; Combined dictionary attack; Hybrid dictionary attack; Pre-calculated Rainbow-table attack. PasswordsPro also has the following features: Recovery of the passwords up to 127-symbol length; Recovery of the passwords for incomplete hashes of any type; Editing of users' hashes; Search of users' list for required data; Quick addition of hash through dialog box; Quick check of current password for all hashes in the list; Unlimited number of dictionaries used for dictionary attack; Unlimited number of tables used for Rainbow-table attack. Important feature of PasswordsPro it is friendly interface - all hash manipulations are made with literally couple clicks, what makes passwords check very convenient, pictorial and effective. Another significant advantage of the program is work with Rainbow-tables for any hashing algorithms. These tables can be generated with RTGEN utility of version 1.2. or later. I.e. you can generate tables for SHA-512 algorithm, and PasswordsPro will immediately start working with them. If you still couldn't find password for your hash, you can always get help at PasswordsPro forum. Program has Shareware status and is distributed as Demo-version which has the only limitation - number of hashes to import for check is 1, while licensed version doesn't limit this number. Download PasswordsPro PasswordsPro forum Dictionaries Hash database (over 10 millions of unique hashes) http://www.articlearmies.com/articles/Computers/saminside.html SAMInside program is designated to recover Windows NT/2000/XP/2003/Vista users' log on passwords. Program supports import of hashes (i.e. encoded users' passwords) from the following files: - Windows registry (SAM and SYSTEM files); - PWDUMP program format text files; - L0phtCrack program files (*.LC files); - LC4 and LC5 program files (*.LCS files); - LC+4 and LC+5 program files (*.LCP files); - Proactive Windows Security Explorer and Proactive Password Auditor program files (*.HDT files); - etc. (10 types of hash import in total). Program also supports import of user hashes from local computer (program shall be run with Administrator account privileges). For this purpose program uses the following methods of local hashes import: - hashes import using connection to LSASS process; - hashes import using system utility Scheduler. Program provides 6 types of attack to recover users' passwords: - full brute-force attack; - distributed attack; - mask attack; - dictionary attack; - hybrid attack; - pre-calculated Rainbow tables attack (tables for both LM and NT hashes supported). All attack settings allow fine adjustment of required type of attack to achieve maximal effectiveness of users' passwords recovery. Forcing program code is written completely on Assembler what lets to get very high speed of password forcing procedure. SAMInside program currently shows the highest speed abroad of single LM-hash (or NT-hash)! For example, computer based on Athlon 64 3000+ processor provides forcing speed for single LM-hash about ~8300000 passwords per second, and 15100000 passwords per second for single NT-hash. The program has compact size, doesn't require installation and can be run from floppy disk, CD/DVD or external USB disk. It works under any versions of Windows, requires no additional modules and doesn't state any special system requirements so can be run on any computer. One more advantage of the program is correct import of Windows user names and passwords in local symbol encoding. SAMInside program is Shareware. Single license price is $40. To learn more about variants of license key purchase please visit this page. Once purchased key grants you right to use all future versions of the program for free. Useful links: Technical support Latest version of the program FAQ about use of the program Forum dedicated to the SAMInside program Forum where you can get help with password recovery Dictionaries