1

Does it assemble/concatenate the dictionary elements into candidate passwords, or does it just use the dictionary elements/words as passwords (which sounds strange)?

I'm wondering about "SmartKey ZIP Password Recovery Professional".

Anders
LenG

2 Answers

7

A classic dictionary attack simply uses each element of the dictionary as a candidate.

Using rules to extend the dictionary is common, and they tend to vary from implementation to implementation. A rule set might include adding numbers, concatenating other words from the list, or substituting letters for numbers or symbols. Hashcat has a fairly proficient rule set and the wiki entry for rule-based attacks can be somewhat confusing, but the basic idea is that for each word in the dictionary, variants of that word are also tried.

I'm unfamiliar with the program you mentioned, but given the small amount of info available on the web page, I'd hazard a guess that it runs a simple dictionary attack (only the words in the list are checked).

C_Sto
2

Most password cracking applications that use wordlists (dictionaries, lists of names, etc.) work on the premise of encrypting a word, then comparing the ciphertext. Then there are those that use a brute force method that uses all the words available. For example, imagine I have a list of N words:

$ cat mywords.txt
apples
bananas
carrots
grapes
mango
oranges
potato

I can create an application that says (pseudo code):

insert $word_from_my_list into encrypted_file try_to_unlock

In the case of "password recovery" applications, most use the brute force method:

try_first_word_in_list then second_then_third

A similar question was posted and answered before, but for the most part, this is how those applications work: check one word, then another, then another, until you find it. Some applications can take a word and try variations (mutations) of a word; for example, the word "password" may become:

password
p@ssword
p@$sw0rd
P@$5w0rd

And so forth.

munkeyoto
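As an added example (not code from either answer or from any tool named on this page), the Python sketch below contrasts the two approaches the answers describe: using each wordlist entry as-is, and expanding each entry with rules (mutations). The substitution table, suffix list and function names are assumptions made for illustration; the script is framed as a password audit that reports which kind of candidate set a given password falls into.

```python
"""Added example: plain dictionary candidates vs. rule-expanded candidates."""
from itertools import product

# Constructed sample wordlist (the same words as mywords.txt in the answer).
WORDS = ["apples", "bananas", "carrots", "grapes", "mango", "oranges", "potato"]

# Hypothetical substitution table; real tools ship their own rule sets.
LEET = {"a": "a@", "o": "o0", "s": "s$5", "e": "e3", "i": "i1"}


def leet_variants(word):
    """Yield every combination of per-letter substitutions for one word."""
    pools = [LEET.get(ch, ch) for ch in word.lower()]
    for combo in product(*pools):
        yield "".join(combo)


def mutate(word, suffixes=("", "1", "123", "!")):
    """Yield rule-based variants: substitutions, first-letter case, suffixes."""
    seen = set()
    for variant in leet_variants(word):
        for cased in (variant, variant[:1].upper() + variant[1:]):
            for suffix in suffixes:
                candidate = cased + suffix
                if candidate not in seen:
                    seen.add(candidate)
                    yield candidate


def exposure(password, words=WORDS):
    """Classify a password for an audit: 'dictionary', 'rules' or 'not found'."""
    if password in words:
        return "dictionary"
    for word in words:
        if any(candidate == password for candidate in mutate(word)):
            return "rules"
    return "not found"


def candidate_counts(words=WORDS):
    """Return (plain candidates, rule-expanded candidates) for a wordlist."""
    return len(words), sum(1 for w in words for _ in mutate(w))


if __name__ == "__main__":
    print(candidate_counts())
    for pw in ("mango", "M@ng0123", "correct horse"):
        print(pw, "->", exposure(pw))
```

Even with this small rule set, each word expands into dozens of candidates, which is why a password built by decorating a dictionary word is covered by a rule-based run but not by a plain dictionary run.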