John the Ripper – Zip Password help – Latter half digit command advice

I’m trying to use John to recover some old ZIP files with a password I remember half. One half being a word, the latter half being a mix of four to six digits.
I remember the word, but not the digits after it, what line of code/command can… Continue reading John the Ripper – Zip Password help – Latter half digit command advice

Need help cracking Apple DMG password with 256 bit AES encryption. likely know many characters of the password. Will Pay $$

I’ve been locked out of my personal files for years. They are in a DMG that are protected by a 256 bit encryption. I’ve run the password hash with a custom word list of what I think are partial words, phrases, and numbers I used are with J… Continue reading Need help cracking Apple DMG password with 256 bit AES encryption. likely know many characters of the password. Will Pay $$

How certain is it that a shorter password can’t match the salted hash of a long one? [migrated]

We (collectively) salt passwords, then hash them; maybe even run them through something like PBKDF2 first (depending on how the password will be used).
The end result is that we have a string p and map it to a fixed-length string p’ using … Continue reading How certain is it that a shorter password can’t match the salted hash of a long one? [migrated]

How to crack KeePass database when knowing the first part of the master password [duplicate]

I have a KeePass 2.47 database which is protected with a master password and a key file.
I managed to lose the 2nd part of my master password. So, I have access to the database, the key file and the first part of the master password (ftyhb… Continue reading How to crack KeePass database when knowing the first part of the master password [duplicate]

john the ripper tool – how to combine wordlist with incremental modes?

In hashcat, when we need to crack password based on wordlist, but additionally want to try partly bruteforce random ASCII characters in the end of any entry from the wordlist, we can use the following command:
hashcat -a 6 -m 1800 .\unshad… Continue reading john the ripper tool – how to combine wordlist with incremental modes?

Is there any good way of calculating a brain-generated password’s entropy?

After reading this post, I understand that a password’s entropy depends on the assumptions made when it is to be attacked (e.g. if it is generated randomly from a list of 2048 words, etc.).
Let’s suppose an attacker managed to enter some u… Continue reading Is there any good way of calculating a brain-generated password’s entropy?

Thermal Camera Plus Machine Learning Reads Passwords Off Keyboard Keys

An age-old vulnerability of physical keypads is visibly worn keys. For example, a number pad with digits clearly worn from repeated use provides an attacker with a clear starting point. …read more Continue reading Thermal Camera Plus Machine Learning Reads Passwords Off Keyboard Keys