[英]Cracking a salted hash using a dictionary in python
im currently attempting a question where i have to crack a salted hash in python given the hash e77decd0e7c8a7b4688b010241bece45 and the salt "$goodluck$".我目前正在尝试一个问题,我必须破解 python 中的盐渍 hash 给定 hash e77decd0e70$luck2417b4688b 和“盐”。 I have tried downloading 10 million of the most popular passwords ( https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10-million-password-list-top-1000000.txt ), and using that as a dictionary.
我尝试下载 1000 万个最流行的密码( https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10-million-password-list-top-1000000.txt ),并且用它作为字典。 I then attach the salt to the word, encrypt it and then hash it.
然后我将盐附加到单词上,对其进行加密,然后对其进行 hash 加密。 This is then compared to the given hash value.
然后将其与给定的 hash 值进行比较。 However i still have not been able to crack it.
但是我仍然无法破解它。 Here is my code:
这是我的代码:
import hashlib
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
from Crypto.Hash import MD5
def dictionary_attack(password_hash):
dic = lines #extracted from file
pass_found = False
for word in dic:
word = word+"$goodluck$"
key = get_random_bytes(16)
cipher = AES.new(key, AES.MODE_EAX)
ciphertext, tag = cipher.encrypt_and_digest(word.encode('utf-8'))
hashed_val = MD5.new()
hashed_val.update(ciphertext)
hashed_val = hashed_val.hexdigest()
if hashed_val == password_hash:
pass_found = True
recovered_password = word
if pass_found:
print("Your password is: {}".format(recovered_password))
else:
print("Password not found")
dictionary_attack("e77decd0e7c8a7b4688b010241bece45")
Any help would be greatly appreciated.任何帮助将不胜感激。 Thanks
谢谢
Did you use this or this list?你用了这个还是这个列表?
Please try a reverse approach so see if you algorithm works or if there is something wrong:请尝试反向方法,以查看您的算法是否有效或是否有问题:
Ok, so that means that your code actually works and the password is not on the list.好的,这意味着您的代码确实有效,并且密码不在列表中。 Instead of using that list, find the "The Top 500 Worst Passwords " and try them.
不要使用该列表,而是找到“最糟糕的 500 个密码”并尝试它们。
I don't know which library is faster, so just try it and get the duration for a reasonable amount of passwords to average out overhead, eg pick that many passwords that the duration is about one minute.我不知道哪个库更快,所以只需尝试并获得合理数量的密码的持续时间以平均开销,例如选择持续时间约为一分钟的那么多密码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.