Search the Community
Showing results for tags '@BallastSec'.
So recently my buddy and me started poking holes in some password safe systems(like KeePass). I made a blog post about most of these could easily be defeated by adding a WndProc listener to the clipboard, and watching for passwords as they get copied and pasted. That post is here: http://ballastsec.blogspot.com/2012/07/insecurity-in-password-management.html Not all of the password safe systems use this method, or have alternative methods as well. So the best way to attack these safes is to crack the safe. Currently, I have only implemented a safe cracker for Password Safe(http://passwordsafe.sourceforge.net/) after doing a light analysis then spending a lot of fun time making a dictionary cracker for it. Blog post about it here: http://ballastsec.blogspot.com/2012/07/auditing-of-password-safe-continues.html You can also find the source code that I've released so far here: https://github.com/bwall/SafeCracker/ and finally find the tarball of the latest version with a nice little Makefile here: https://github.com/downloads/bwall/SafeCracker/safe-cracker.tar.gz safe-cracker has currently only been tested in a Linux environment, if you really wanted to compile it on Windows, you would need the pthread library. If I were you though, I would wait until I finish implementing OpenCL into the cracker, as I will supply a compiled copy for Windows. What I would like to know is, what other password safe systems would you want audited? I want to add a few to this project, and hopefully start pushing development towards cracking more state of the art hashes.