badMotoFinga

Exhaustive Password Cracking Question

Assume that the passwords are limited to the use of 95 printable ASCII characters and that all passwords are 10 characters in length. Assume a password cracker with an encryption rate of 6.4 million per second. How long will it take to test exhaustively all possible passwords on a UNIX system?

95^10 = 59,873,693,923,837,890,625 possible passwords
59,873,693,923,837,890,625 possible passwords / 6,400,000 passwords per sec ~= 9355264675600 seconds
 9355264675600 seconds / 60 sec per minute ~= 155921077927 minutes
155921077927 minutes / 60 minutes per hour ~= 2598684632 hours
2598684632 hours / 24 hours per day ~= 108278526 days
108278526 days / 365 days per year ~= 296653 years

So, does this seem correct? I don't think it is since 296,653 years is ... well ... kinda a long time
Anyways, I know there's no 'homework' questions here so don't gimme no flame .. this is a 'tutor' question :D
If no one is allowed to help on this then ... I WANT MAH MONAY BACK! .. haha j/k
Instead .. can someone explain to me what an encryption rate is and how it relates to password cracking?

Thanks
ASKER CERTIFIED SOLUTION
EnigmaticFractal

This solution is only available to members.
FalconHawk

Yes, the calculations are correct, but have a look at this:

...planning illegal activities...

 This one's a biggie. The clause mentions computer viruses and counterfeiting; we interpret to mean that even asking for help in producing what might be a virus is grounds for suspension. We also interpret to mean anything illegal such as building a bomb, pirating software, and sharing of serial numbers.

See this? This is the agreement you signed when you signed up with EE. Even though it may only be for legal stuff, it may also be used to do illegal things. Especially the password hacking part is hard, so I guess this question is illegal.

I posted this question under the support section, so that they check if it's in line with the EE rules. If it is, I can help you further with how passwords are encrypted (and STILL non-hacking related then); if it ISN'T, then the question will most probably be deleted.

COMMUNITY POST:
https://www.experts-exchange.com/questions/21378119/Question-that-doesnt-comply-with-EE-agreement-policy.html 
Rich Rumble

There is an added factor with UNIX passwords, namely "SALTS". With the majority of one-way hashes, if you encrypt "pass1234" you will get the same results each time
(this is pass1234 encrypted in these algos)
Type            Hash
---------            ---------
MD2            7C5AE576F828611A01663A6D0125DC4A
MD4            5D775CDF3BF1A7141123C714B843C0FC
MD5            B4AF804009CB036A4CCDC33431EF9AC9
SHA-1            789B49606C321C8CF228D17942608EFF0CCC4171
SHA-2 (256)      BD94DCDA26FCCB4E68D6A31F9B5AAC0B571AE266D822620E901EF7EBE3A11D4F
SHA-2 (384)      16C8D6427046CB9916A4415FB0402010B812E8B653EEC34FE936925D38C7F1FD24815E7816613F1E83707C8444D0C83A
SHA-2 (512)      B66DD5A7A689F88E302AB2AE4A9567F9C7572C18E520B3BF712BB2630B3931A503D647BAEDF48DF470006312D07984216578B60526E5EE6137EF1FD215190A0C
RIPEMD-160      E312CE59FC849A35E0E56951DF4A66E272251546
LM            4FB7D301186E0EB3
NT            8034586795EBAF0427CC3417EBEA341C
MySQL323      494211B74DAA7A12
MySQLSHA1      34FD07B148CCA9FCB2BE6C2EA20689053E748B13
Cisco PIX            c41Lt0h2KZDDRftB

With a unix password, it will be salted, and there are typically 4096 salts for any unix password. The first 2 chars are the salt, and this will add time, even though the salt is known... you still have to encrypt each word in a dictionary file with the salt and the word from the dict. It doesn't add much time to the cracking, however, as the salt is known.

Basically, you shouldn't get the same hash from the same password very often, if at all... but if you had 100 users with the same pass, each with a different hash for the same pass, they will fall quickly, but not as quickly as they would if you were encrypting them in an unsalted algo.

While I've not found one yet for *nix, there are rainbow tables that can be used to precompute all possible hashes, and then all you do is search through the file for them. This makes cracking take seconds to a few minutes on Windows hashes, MD5, SHA-1, etc.
http://www.antsight.com/zsl/rainbowcrack/
http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/index.php
Otherwise, BF using JohnTheRipper is very fast with a proper dictionary and good rules added to the john.conf file. I realize it's not what you're asking, but as others have indicated, your math looks correct.
-rich
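
An added example, not part of the original post, showing from the storage side why the salt described above matters: identical passwords produce one shared value when unsalted, but distinct records when salted, and a table precomputed without salts no longer matches. Assumptions: SHA-256 stands in for the DES-based crypt(3) routine, and the user names, word list and fixed salt indices are constructed for the demo.

```python
import hashlib
import hmac
import string

# Traditional crypt(3) salts: two characters from a 64-symbol alphabet,
# i.e. 64 * 64 = 4096 possible salts (the figure quoted in the post).
SALT_ALPHABET = "./" + string.digits + string.ascii_uppercase + string.ascii_lowercase


def unsalted_hash(password):
    """Deterministic: the same password always yields the same value."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(salt, password):
    """Assumption: SHA-256 stands in for the DES-based crypt(3) routine.
    The two-character salt is stored in the clear as a prefix."""
    return salt + hashlib.sha256((salt + password).encode()).hexdigest()


def verify(stored, candidate):
    """Login check: re-hash the candidate with the salt read from the record."""
    return hmac.compare_digest(salted_hash(stored[:2], candidate), stored)


def salt_from_index(i):
    """Map 0..4095 to a salt. Fixed for a repeatable demo; real systems pick at random."""
    return SALT_ALPHABET[i // 64] + SALT_ALPHABET[i % 64]


def compare_storage(users, password, wordlist):
    """Audit view: how many stored values does one precomputed table expose?"""
    table = {unsalted_hash(w) for w in wordlist}  # built once, reused for every user
    plain = {u: unsalted_hash(password) for u in users}
    salted = {u: salted_hash(salt_from_index(7 + 1000 * n), password)
              for n, u in enumerate(users)}
    return {
        "distinct_unsalted": len(set(plain.values())),
        "distinct_salted": len(set(salted.values())),
        "table_hits_unsalted": sum(h in table for h in plain.values()),
        "table_hits_salted": sum(h[2:] in table for h in salted.values()),
        "table_rows_to_cover_salts": len(wordlist) * len(SALT_ALPHABET) ** 2,
        "salted_records": salted,
    }


if __name__ == "__main__":
    # Constructed sample data: three accounts sharing one password.
    report = compare_storage(["alice", "bob", "carol"], "pass1234",
                             ["letmein", "pass1234", "qwerty"])
    for key, value in report.items():
        print(key, value)
```
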

Your maths looks correct, but you have to take into account other things, like the password you're looking for having as much chance of being at the start of your guesses as at the end. It's very unlikely they will ever need to go through ALL combinations of a password.

Also, as EnigmaticFractal pointed out, if somebody really wants to go to the effort of cracking a 10-char password, they could substantially cut down the cracking time by distributing the password cracking to computer clusters (which is what the FBI etc. use to get into seized PCs etc.). And precomputed hashes would cut the time down (what we use at work for audit purposes).

Assume that all 10 characters are the last one of your 95 range, then your calculation is correct.
Assume that all 10 are the first one of your range, and it takes less than a second to crack.

So it depends on the sequence of your characters and the algorithm used to permute them how long you need to test;
statistically always 296653/2 years

badMotoFinga

ASKER

Thanks for your responses everyone.