It was difficult to have an uninterrupted conversation with Phoenix. If it wasn't his machine crashing, it was his grandmother asking him questions from the doorway of his room.
`You wanna go through the list? How big is your file?' Phoenix asked, now more focused on the conversation.
`Huh? Which file?'
`The dictionary file. The words to feed into the password cracker,' Phoenix replied.
Electron pulled up his list of dictionary words and looked at it. I'm going to have to cut this list down a bit, he thought. The dictionary was part of the password cracking program. The larger the dictionary, the longer it took the computer to crack a list of passwords. If he could weed out obscure words—words that people were unlikely to pick as passwords—then he could make his cracker run faster.
An efficient password cracker was a valuable tool. Electron would feed his home computer a password file from a target computer, say from Melbourne University, then go to bed. About twelve hours later, he would check on his machine's progress.
If he was lucky, he would find six or more accounts—user names and their passwords—waiting for him in a file. The process was completely automated. Electron could then log into Melbourne University using the cracked accounts, all of which could be used as jumping-off points for hacking into other systems for the price of a local telephone call.
Cracking Unix passwords wasn't inordinately difficult, provided the different components of the program, such as the dictionary, had been set up properly. However, it was time-consuming. The principle was simple. Passwords, kept in password files with their corresponding user names, were encrypted. It was as impossible to reverse the encryption process as it was to unscramble an omelette. Instead, you needed to recreate the encryption process and compare the results.
There were three basic steps. First, target a computer and get a copy of its password file. Second, take a list of commonly used passwords, such as users' names from the password file or words from a dictionary, and encrypt those into a second list. Third, put the two lists side by side and compare them. When you have a match, you have found the password.
However, there was one important complication: salts. A salt changed the way a password was encrypted, subtly modifying the way the DES encryption algorithm worked. For example, the word `Underground' encrypts two different ways with two different salts: `kyvbExMcdAOVM' or `lhFaTmw4Ddrjw'. The first two characters represent the salt, the others represent the password. The computer chooses a salt randomly when it encrypts a user's password. Only one is used, and there are 4096 different salts. All Unix computers use salts in their password encryption process.
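The effect of the salt on the stored string, and on any precomputed list of encrypted words, can be shown in a short added example that is not part of the original text. It assumes SHA-256 as a stand-in for the salted DES routine, so its output will not equal the two strings quoted above; the function names are hypothetical.

```python
import hashlib
import hmac
import itertools

# The 64-character alphabet used for crypt(3) salts: 64 * 64 = 4096 salts.
SALT_CHARS = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
ALL_SALTS = ["".join(p) for p in itertools.product(SALT_CHARS, repeat=2)]

def toy_crypt(word, salt):
    """Hypothetical stand-in for crypt(3): 2-char salt + 11-char hash.
    Assumption: SHA-256 replaces the salted DES of the real routine."""
    if len(salt) != 2 or any(c not in SALT_CHARS for c in salt):
        raise ValueError("salt must be two characters from SALT_CHARS")
    digest = hashlib.sha256((salt + word).encode("utf-8")).digest()
    return salt + "".join(SALT_CHARS[b % 64] for b in digest[:11])

def verify(candidate, stored):
    """Login-time check: re-hash the candidate under the stored salt."""
    return hmac.compare_digest(toy_crypt(candidate, stored[:2]), stored)

def precompute(words, salt):
    """The 'second list' from the text, valid for one salt only."""
    return {toy_crypt(w, salt): w for w in words}

def full_table_entries(words):
    """Entries needed to cover every salt a system might have chosen."""
    return len(words) * len(ALL_SALTS)

if __name__ == "__main__":
    words = ["Underground", "password", "melbourne"]   # constructed sample
    a = toy_crypt("Underground", "ky")                 # salts as in the text
    b = toy_crypt("Underground", "lh")
    table = precompute(words, "ky")
    print(a, b, a != b)
    print(table.get(a), table.get(b))                  # hit, then miss
    print(verify("Underground", b), full_table_entries(words))
```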