Crack is a

Unix Unix (; trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, a ...

password cracking In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system in scrambled form. A common approach ( brute-force attack) is to repeatedly t ...

program designed to allow

system administrators A system administrator, or sysadmin, or admin is a person who is responsible for the upkeep, configuration, and reliable operation of computer systems, especially multi-user computers, such as servers. The system administrator seeks to ens ...

to locate users who may have weak

password A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...

s vulnerable to a

dictionary attack In cryptanalysis and computer security, a dictionary attack is an attack using a restricted subset of a keyspace to defeat a cipher or authentication mechanism by trying to determine its decryption key or passphrase, sometimes trying thousands o ...

. Crack was the first standalone password cracker for Unix systems and the first to introduce programmable dictionary generation as well. Crack began in 1990 when Alec Muffett, a

system administrator A system administrator, or sysadmin, or admin is a person who is responsible for the upkeep, configuration, and reliable operation of computer systems, especially multi-user computers, such as servers. The system administrator seeks to en ...

at the

University of Wales The University of Wales (Welsh language, Welsh: ''Prifysgol Cymru'') is a confederal university based in Cardiff, Wales. Founded by royal charter in 1893 as a federal university with three constituent colleges – Aberystwyth, Bangor and Cardiff � ...

Aberystwyth, was trying to improve Dan Farmer's 'pwc' cracker in

COPS Cop or Cops commonly refers to: * Police officer Cop and other variants may also refer to: Art and entertainment Film * ''Cop'' (film), a 1988 American thriller * ''Cops'' (film), an American silent comedy short starring Buster Keaton * ''The ...

. Muffett found that by re-engineering the memory management, he got a noticeable performance increase. This led to a total rewrite which became "Crack v2.0" and further development to improve usability.

Public Releases

The first public release of Crack was version 2.7a, which was posted to the

Usenet Usenet () is a worldwide distributed discussion system available on computers. It was developed from the general-purpose Unix-to-Unix Copy (UUCP) dial-up network architecture. Tom Truscott and Jim Ellis conceived the idea in 1979, and it was ...

newsgroups alt.sources and alt.security on 15 July 1991. Crack v3.2a+fcrypt, posted to comp.sources.misc on 23 August 1991, introduced an optimised version of the

crypt() function but was still only really a faster version of what was already available in other packages. The release of Crack v4.0a on 3 November 1991, however, introduced several new features that made it a formidable tool in the

arsenal. * Programmable dictionary generator * Network distributed password cracking Crack v5.0a released in 2000 did not introduce any new features, but instead concentrated on improving the code and introducing more flexibility, such as the ability to integrate other crypt() variants such as those needed to attack the MD5 password hashes used on more modern

Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which i ...

and

Windows NT Windows NT is a proprietary graphical operating system produced by Microsoft, the first version of which was released on July 27, 1993. It is a processor-independent, multiprocessing and multi-user operating system. The first version of Wi ...

systems. It also bundled Crack v6 - a ''minimalist password cracker'' and Crack v7 - a ''brute force password cracker''.

Legal issues arising from using Crack

Randal L. Schwartz, a notable

Perl Perl is a family of two High-level programming language, high-level, General-purpose programming language, general-purpose, Interpreter (computing), interpreted, dynamic programming languages. "Perl" refers to Perl 5, but from 2000 to 2019 it ...

programming expert, in 1995 was prosecuted for using Crack on the password file of a system at

Intel Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California, Santa Clara, California. It is the world's largest semiconductor chip manufacturer by revenue, and is one of the devel ...

, a case the verdict of which was eventually expunged. Crack was also used by

Kevin Mitnick Kevin David Mitnick (born August 6, 1963) is an American computer security consultant, author, and convicted hacker. He is best known for his high-profile 1995 arrest and five years in prison for various computer and communications-related crim ...

when hacking into

Sun Microsystems Sun Microsystems, Inc. (Sun for short) was an American technology company that sold computers, computer components, software, and information technology services and created the Java programming language, the Solaris operating system, ZFS, ...

in 1993.

Programmable dictionary generator

While traditional

tools simply fed a pre-existing dictionary of words through the crypt() function, Crack v4.0a introduced the ability to apply rules to this word list to generate modified versions of these word lists. These could range from the simple (do not change) to the extremely complex - the documentation gives this as an example: : ''X<8l/i/olsi1so0$='' : ''Reject the word unless it is less than 8 characters long, lowercase the word, reject it if it does not contain both the letter 'i' and the letter 'o', substitute all i's for 1's, substitute all o's for 0's, and append an = sign.'' These rules could also process the

GECOS field The gecos field, or GECOS field is a field in each record in the /etc/passwd file on Unix and similar operating systems. On UNIX, it is the 5th of 7 fields in a record. It is typically used to record general information about the account or its u ...

in the password file, allowing the program to use the stored names of the users in addition to the existing word lists. Crack's dictionary generation rule syntax was subsequently borrowed and extended by

Solar Designer Alexander Peslyak (Александр Песляк) (born 1977), better known as Solar Designer, is a security specialist from Russia. He is best known for his publications on exploitation techniques, including the return-to-libc attack and the ...

for

John the Ripper John the Ripper is a free password cracking software tool. Originally developed for the Unix operating system, it can run on fifteen different platforms (eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVM ...

. The dictionary generation software for Crack was subsequently reused by Muffett to creat
CrackLib
a proactive password checking library that is bundled with

Debian Debian (), also known as Debian GNU/Linux, is a Linux distribution composed of free and open-source software, developed by the community-supported Debian Project, which was established by Ian Murdock on August 16, 1993. The first version of De ...

and

Red Hat Enterprise Linux Red Hat Enterprise Linux (RHEL) is a Commercial software, commercial Open-source software, open-source Linux distribution developed by Red Hat for the commerce, commercial market. Red Hat Enterprise Linux is released in server versions for x86-6 ...

-derived Linux distributions.

Network distributed password cracking

As password cracking is inherently

embarrassingly parallel In parallel computing, an embarrassingly parallel workload or problem (also called embarrassingly parallelizable, perfectly parallel, delightfully parallel or pleasingly parallel) is one where little or no effort is needed to separate the problem ...

Crack v4.0a introduced the ability to use a network of

heterogeneous Homogeneity and heterogeneity are concepts often used in the sciences and statistics relating to the uniformity of a substance or organism. A material or image that is homogeneous is uniform in composition or character (i.e. color, shape, siz ...

workstations connected by a shared filesystem as parts of a distributed

effort. All that was required for this was to provide Crack with a configuration file containing the machine names, processing power rates and flags required to build Crack on those machines and call it with the ''-network'' option.

References

External links