SamuraiNet Blog

Restrictive passwords make cracking more difficult by requiring that users use a wider range of characters; however, can restrictive password policies actually decrease time required to crack? This blog goes into the math behind it. http://lukenotricks.blogspot.com/2008/03/more-on-counting-restrictive-password.htm

Mozilla has a new campaign to break the world record for number of downloads in 24 hours. They have even gone to allowing people to pledge downloads, to be sure they accomplish their goal. This is an interesting marketing campaign. http://www.spreadfirefox.com/en-US/worldrecord/

In a previous post (America’s Cyber defense or lack there of) I pointed out problems with foreign hackers and our government. Here are two articles as a semi-continuation of the saga. http://www.scmagazineus.com/Potential-security-breach-by-China/article/110790/ http://www.thehindubusinessline.com/2008/06/04/stories/2008060451781200.htm

If you are considering being in the IT field or are looking to hire new IT staff, this article is well worth a read. 30 items that IT staff should know. I don’t agree with all 30, but the list itself is something to be looked at and will help you evaluate yourself or potential staff. http://www.infoworld.com/article/08/06/02/23FE-how-to-fire-IT-staff-skills-list_1.html

After battling with an .htaccess problem all day long I ended up at this article. It didn’t solve my problem, but is a great source of information on all things .htaccess. http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/

I have finished up the first version of pwlib.java. It was created in Java 1.4, because I haven’t bothered to update Java in ages. I should be revising it for 1.6 soon enough, but this is something to get you going. I haven’t done a whole lot of testing on it just yet, so feel free to post any bugs you may find.

Currently it only supports hashing for md5 and SHA1, but that will change later on. Right now I’m just trying to get the code base out in all four languages. Next up will be python. Enjoy.

pwlib.java (Java 1.4)

This is my first build of the php version of pwlib. Nothing is quit set in stone yet and for all I know I might scrap the whole thing. This should be enough to see how it will interface. If you have and suggestions or would like to see a feature put in, post a comment and I’ll look into it.

PHP 4 Version: http://www.samurainet.org/pwlib/php/pwlib-php4.src

PHP 5 Version:http://www.samurainet.org/pwlib/php/pwlib-php5.src

Wordlist (its just for testing): http://www.samurainet.org/pwlib/php/test.txt

I still need to finish optimizing the code as well as making some of the features more robust. Enjoy the code.

After creating customized password cracking apps for some time, I have finally grown tired of using different alogirthms with no real flexability in them so I have decided to create a library to do this for me. Since I work in a few languages, I will be building these in: Java, C++, Python, and PHP.

The library itself will be a collection of functions used to generate passwords and hashes to be used in cracking or brute forcing. For passwords the library will provide functionality for using dictionary files and generating brute force lists of minimum length n to maximum length m for ASCII x through y. The hashes will include md5 and sha1 built in and I plan to allow custom algorithms to be built for it as a plugin or passed in function, however; that is still in the planing stages.

As soon as I set it up, I will make daily builds available and post that link under this sub-category along with updates. Comments and suggestions are appreciated.