Using hashing and salting to crack passwords

I first started by creating a program that creates a list of combinations using the
array that was provided on the file CreatePwdFileRandom.java in order to be able to
hash it using the same piece of code that was used to create the list of hashed passwords.
Using this approach I create a piece of code that I named CreatePwdFileRandom2.java.
I wrote a static method that writes a combination of chars. This method only
writes up to two char combinations because I wanted to prove that the program is able to
crack hashed passwords. This method is later called in the main method to hash the list of
passwords. In order to print the list of chars, I used a for loop that transverse the array in
order to print it on the text file. I used the same methodology to print the two char
combination.

In order to compare the two lists of hash passwords, I wrote another piece code
that basically takes the list of ten passwords found on the text file named
hashedRandomPwd.txt. I named this program compareHashList.java. The approach I

took to compare the two lists was very simple. I fist create a static method that reads the
ten hashed passwords, used a string tokenizer to separate the tokens and store them in a
array of objects named usernames. I decided to use this approach because it makes it
easy to retrieve the owner of the password. I used a while loop that transverse the array.
Inside of the while loop I used a for loop that transverse the combination of hashed
passwords. I used a compareTo that retrieves a 0 if the two-hashed passwords were the
same. If the comparison is true, the if statement prints the username and the password of
the account. Here is a snapshoot that proves that the program compareHashList.java
was able to crack the list of hashed passwords.

The other way to encrypt a password is by including a random combination of

characters that is encrypted in combination. This technique is called salting because it
incudes a salt to hash password. This technique does not make an encrypted password
uncrack able. It is a technique that is used to make a password more time consuming to
crack.
The second list of passwords was encrypted using this technique. Because we
have to combine every salt to each password we are going to try, it will make the list of
password ten times bigger. This time we have to use a U.S. dictionary word list in order
to create the list of encrypted passwords.

In order to create the file where the salted hashed passwords were going to be
stored. I created a piece of code that reads an U.S. word dictionary file. I named this
piece of code CreatePwdFileRandom2.java. This piece of code uses the static method
already used on CompareHashList2.javawhich stores the ten passwords in an array as
Usermanes objcets. I create a modified version of the Usernames object that takes
now three parameters. It reads the ten-password list, uses a string tokenizer to separate
them into tokens in order to be able to store them in usernames objects. These objects are
going to be stored on an array in order to be easily accessible by other classes.

Another program named compareSaltList.java was created in order to compare

the created list of hashed salted U.S. diccionary word list with the list of 10 salted hashed
passords. This program works very similar to the one that compares hashed strings named
hashedRandomPwd.txt. Here is a snapshoot that proves that the program
compareSaltList.java was able to crack the list of salted passwords.