Hello Mastodon,
I'm proud to announce my first (free) software, SHA1BruteForce, that performs brute-force attack to crack SHA-1 hash.
After, I began to optimized it, having fundamental questioning about C++
https://clementfevrier.fr/articles/5_xorvsneqincpp.php
It as pretty simple and it seems to perform well. It takes about 4h to crack any 6 characters password on my computer. So I decided to publish it on my server, which was not as simple as I expected
https://clementfevrier.fr/articles/6_smarthttp.php
But I also have account in the main git platforms
https://clementfevrier.fr/articles/1_identity.php
So I also published it on GitHub
https://github.com/clement-analogue/SHA1BruteForce
GitLab
https://gitlab.com/analogue/SHA1BruteForce
and FramaGit, more know by the French,
https://framagit.org/clement-analogue/SHA1BruteForce
(Thank you @Framasoft !)
It is licensed under GPL3.
It performs the tasks on the CPU only. GPU implementation does not seems possible at the time using only free software. Indeed, CUDA required the proprietary drivers and OpenCL does not seems to work properly with Nouveau (last version of the Linux kernel, i.e.4.13, on Ubuntu 16.04). But I want to use only free software (and I cannot install Nvidia drivers anyway, they do not work on my system).
It is not a revolutionary tools that intends to bit existing ones. I did it for myself, but I share it if anyone is interested.
It is my first published code, so there are most likely some improvements to do on how to write the manual, how to write the code so it can be used by others, how I should comment it, and so on. The same goes for the code itself. Feel free to comment, share, submit commit, report bugs, etc.
Why?
After my 10yo Firefox session crashed, I lost an password stored in it. But, I managed to find the hash and it turns out to be a SHA-1 hash (software installed in 2009 on my server). I could change it, I guess, but I knew that it is now considered as a weak encryption (although the first real collision is from February), so I challenged myself to recover it, so I wrote a piece of code in a bit more than a day that do the job.