Marcell Major has published his really good presentation „Writing your own password cracker“ from the Hacktivity 2010 security conference in Budapest.
Marcell describes different ways to achieve this goal, e.g. source code analyze, debugging or reverse engineering.
With good examples Marcell showed the password analysis of Apache Derby, Sybase ASE old and new hashing algorithm. The new Sybase ASE (15.0.2+) uses SHA256 and the old SYS-PROB (<15.0.2) is based on an already broken FEAL algorithm. Especially the FEAL algorithm is quit complicated but a good example hat debugging/reversing could do.
- The password cracker for Sybase ASE – SHA256 is called sybcrack and already released.
- The password cracker for Sybase ASE – SYB-PROP (FEAL) will be released soon.