Crack is a

Unix Unix (; trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and ot ...

password cracking In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system in scrambled form. A common approach (brute-force attack) is to repeatedly try ...

program designed to allow

system administrators A system administrator, or sysadmin, or admin is a person who is responsible for the upkeep, configuration, and reliable operation of computer systems, especially multi-user computers, such as servers. The system administrator seeks to ensu ...

to locate users who may have weak

password A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...

s vulnerable to a

dictionary attack In cryptanalysis and computer security, a dictionary attack is an attack using a restricted subset of a keyspace to defeat a cipher or authentication mechanism by trying to determine its decryption key or passphrase, sometimes trying thousands or ...

. Crack was the first standalone password cracker for Unix systems and the first to introduce programmable dictionary generation as well. Crack began in 1990 when

Alec Muffett Alec David Edward Muffett (born April 22, 1968) is an Anglo-American internet security evangelist, architect, and software engineer. His work includes Crack, the original Unix password cracker, and for the CrackLib password-integrity testing li ...

, a

system administrator A system administrator, or sysadmin, or admin is a person who is responsible for the upkeep, configuration, and reliable operation of computer systems, especially multi-user computers, such as servers. The system administrator seeks to ensu ...

at the

University of Wales The University of Wales (Welsh language, Welsh: ''Prifysgol Cymru'') is a confederal university based in Cardiff, Wales. Founded by royal charter in 1893 as a federal university with three constituent colleges – Aberystwyth, Bangor and Cardiff � ...

Aberystwyth Aberystwyth () is a university and seaside town as well as a community in Ceredigion, Wales. Located in the historic county of Cardiganshire, means "the mouth of the Ystwyth". Aberystwyth University has been a major educational location in ...

, was trying to improve

Dan Farmer Dan Farmer (born April 5, 1962) is an American computer security researcher and programmer who was a pioneer in the development of vulnerability scanners for Unix operating systems and computer networks. Life and career Farmer developed his ...

's 'pwc' cracker in COPS. Muffett found that by re-engineering the memory management, he got a noticeable performance increase. This led to a total rewrite which became "Crack v2.0" and further development to improve usability.

Public Releases

The first public release of Crack was version 2.7a, which was posted to the

Usenet Usenet () is a worldwide distributed discussion system available on computers. It was developed from the general-purpose Unix-to-Unix Copy (UUCP) dial-up network architecture. Tom Truscott and Jim Ellis conceived the idea in 1979, and it was ...

newsgroups alt.sources and alt.security on 15 July 1991. Crack v3.2a+fcrypt, posted to comp.sources.misc on 23 August 1991, introduced an optimised version of the

crypt() function but was still only really a faster version of what was already available in other packages. The release of Crack v4.0a on 3 November 1991, however, introduced several new features that made it a formidable tool in the

arsenal. * Programmable dictionary generator * Network distributed password cracking Crack v5.0a released in 2000 did not introduce any new features, but instead concentrated on improving the code and introducing more flexibility, such as the ability to integrate other crypt() variants such as those needed to attack the MD5 password hashes used on more modern

Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...

and

Windows NT Windows NT is a proprietary graphical operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems sc ...

systems. It also bundled Crack v6 - a ''minimalist password cracker'' and Crack v7 - a ''brute force password cracker''.

Legal issues arising from using Crack

Randal L. Schwartz Randal L. Schwartz (born November 22, 1961), also known as merlyn, is an American author, system administrator and programming consultant. He has written several books on the Perl programming language, and plays a promotional role within the Per ...

, a notable

Perl Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages. "Perl" refers to Perl 5, but from 2000 to 2019 it also referred to its redesigned "sister language", Perl 6, before the latter's name was offici ...

programming expert, in 1995 was prosecuted for using Crack on the password file of a system at

Intel Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California. It is the world's largest semiconductor chip manufacturer by revenue, and is one of the developers of the x86 seri ...

, a case the verdict of which was eventually

expunged In the common law legal system, an expungement proceeding is a type of lawsuit in which a first time offender of a prior criminal conviction seeks that the records of that earlier process be sealed or destroyed, making the records nonexistent or u ...

. Crack was also used by

Kevin Mitnick Kevin David Mitnick (born August 6, 1963) is an American computer security consultant, author, and convicted hacker. He is best known for his high-profile 1995 arrest and five years in prison for various computer and communications-related crim ...

when hacking into

Sun Microsystems Sun Microsystems, Inc. (Sun for short) was an American technology company that sold computers, computer components, software, and information technology services and created the Java programming language, the Solaris operating system, ZFS, the ...

in 1993.

Programmable dictionary generator

While traditional

tools simply fed a pre-existing dictionary of words through the crypt() function, Crack v4.0a introduced the ability to apply rules to this word list to generate modified versions of these word lists. These could range from the simple (do not change) to the extremely complex - the documentation gives this as an example: : ''X<8l/i/olsi1so0$='' : ''Reject the word unless it is less than 8 characters long, lowercase the word, reject it if it does not contain both the letter 'i' and the letter 'o', substitute all i's for 1's, substitute all o's for 0's, and append an = sign.'' These rules could also process the

GECOS field The gecos field, or GECOS field is a field in each record in the /etc/passwd file on Unix and similar operating systems. On UNIX, it is the 5th of 7 fields in a record. It is typically used to record general information about the account or its us ...

in the password file, allowing the program to use the stored names of the users in addition to the existing word lists. Crack's dictionary generation rule syntax was subsequently borrowed and extended by

Solar Designer Alexander Peslyak (Александр Песляк) (born 1977), better known as Solar Designer, is a security specialist from Russia. He is best known for his publications on exploitation techniques, including the return-to-libc attack and the f ...

for

John the Ripper John the Ripper is a free password cracking software tool. Originally developed for the Unix operating system, it can run on fifteen different platforms (eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS) ...

. The dictionary generation software for Crack was subsequently reused by Muffett to creat
CrackLib
a proactive password checking library that is bundled with

Debian Debian (), also known as Debian GNU/Linux, is a Linux distribution composed of free and open-source software, developed by the community-supported Debian Project, which was established by Ian Murdock on August 16, 1993. The first version of D ...

and

Red Hat Enterprise Linux Red Hat Enterprise Linux (RHEL) is a commercial open-source Linux distribution developed by Red Hat for the commercial market. Red Hat Enterprise Linux is released in server versions for x86-64, Power ISA, ARM64, and IBM Z and a desktop version ...

-derived Linux distributions.

Network distributed password cracking

As password cracking is inherently

embarrassingly parallel In parallel computing, an embarrassingly parallel workload or problem (also called embarrassingly parallelizable, perfectly parallel, delightfully parallel or pleasingly parallel) is one where little or no effort is needed to separate the problem i ...

Crack v4.0a introduced the ability to use a network of

heterogeneous Homogeneity and heterogeneity are concepts often used in the sciences and statistics relating to the uniformity of a substance or organism. A material or image that is homogeneous is uniform in composition or character (i.e. color, shape, siz ...

workstations connected by a shared filesystem as parts of a distributed

effort. All that was required for this was to provide Crack with a configuration file containing the machine names, processing power rates and flags required to build Crack on those machines and call it with the ''-network'' option.

References

External links