Browsing by Subject "Hashcat"

Using password hashes for verification is a common way to secure users’ passwords against a potential data breach. The functions that are used to create these hashes have evolved and changed over time. Hackers and security researchers constantly try to find effective ways to derive the original passwords from these hashes. This thesis focuses on cryptographic hash functions that get passwords as inputs and on the different methods an attacker may use to deduce a password from a hash. The research questions for the thesis are: 1. What kind of password hashing techniques have evolved from the viewpoints of a defender and an attacker? 2. What kind of observations can be made when studying the implementations of the hashing algorithms and the tools that the attackers use against the hashes? The thesis examines some commonly used hash functions for passwords and common attack strategies that are used against them. Hash functions developed especially for passwords such as PBKDF2 and Scrypt will be explained. The password recovery tool Hashcat is introduced and different ways to use the tool against password hashes are demonstrated. Tests are done to show off differences in hash functions, as well as what kind of effect offensive and defensive techniques have against password hashes. These test results are explained and reviewed.