Exhaustive Password Cracking Question

Posted on 2005-04-05
Last Modified: 2008-01-09
Assume that the passwords are limited to the use of 95 printable ASCII characters and that all passwords are 10 characters in length. Assume a password cracker with an encryption rate of 6.4 million per second. How long will it take to test exhaustively all possible passwords on a UNIX system?

95^10 = 59,873,693,923,837,890,625 possible passwords
59,873,693,923,837,890,625 possible passwords / 6,400,000 passwords per sec ~= 9355264675600 seconds
 9355264675600 seconds / 60 sec per minute ~= 155921077927 minutes
155921077927 minutes / 60 minutes per hour ~= 2598684632 hours
2598684632 hours / 24 hours per day ~= 108278526 days
108278526 days / 365 days per year ~= 296653 years

So, does this seem correct? I dont think it is since 296,653 years is ... well ... kinda a long time
Anyways, I know theres no 'homework' questions here so dont gimme no flame .. this is a 'tutor' question :D
If no one is allowed to help on this then ... I WANT MAH MONAY BACK! .. haha j/k
Instead .. can someone explain to me what an encryption rate is and how it relates to password cracking?

Question by:badMotoFinga
    LVL 1

    Accepted Solution

    Yes this does seem correct, although in this case, I believe that the word encryption rate is the wrong term to use.

    " encryption rate of 6.4 million per second..." In this context, it seems that the encryption rate is actually the number of possible permutations that this password cracking program tries in order to obtain the correct password (basically the decryption rate).  Yes realistically speaking, if those calculations are correct, 296,653 years is an extremely long time.  However, this time also depends on the processor speed of the computer.  The faster the computer, the more permutations it can try in a shorter amount of time as compared to a slower one.  In addition, the workload can be distributed across several different machines, each of them working on a portion of the entire password.  Hope this helped.

    LVL 4

    Expert Comment

    yes the calculations are correct, but have a look at this:

    ...planning illegal activities...

     This one's a biggie. The clause mentions computer viruses and counterfeiting; we interpret to mean that even asking for help in producing what might be a virus is grounds for suspension. We also interpret to mean anything illegal such as building a bomb, pirating software, and sharing of serial numbers.

    see this? this is the agreement you signed when u signed up with EE. even trough it may only be for legal stuff, it may also be used to do illegal things. especially the password hacking part is hard, so i guess this question is illegal
    LVL 4

    Expert Comment

    i posted this question under the support section, so that they check if its in line with the EE rules. if it is, i can help you further with how passwords are encrypted(and STILL non hacking related then) , if it ISNTthen the question will most probally be deleted.

    LVL 38

    Expert Comment

    by:Rich Rumble
    There is an added factor with UNIX passwords, namely "SALTS". With the majority one-way hash's if you encrypt "pass1234" you will get the same results each time
    (this is pass1234 encrypted in these algo's)
    Type            Hash
    ---------            ---------
    MD2            7C5AE576F828611A01663A6D0125DC4A
    MD4            5D775CDF3BF1A7141123C714B843C0FC
    MD5            B4AF804009CB036A4CCDC33431EF9AC9
    SHA-1            789B49606C321C8CF228D17942608EFF0CCC4171
    SHA-2 (256)      BD94DCDA26FCCB4E68D6A31F9B5AAC0B571AE266D822620E901EF7EBE3A11D4F
    SHA-2 (384)      16C8D6427046CB9916A4415FB0402010B812E8B653EEC34FE936925D38C7F1FD24815E7816613F1E83707C8444D0C83A
    SHA-2 (512)      B66DD5A7A689F88E302AB2AE4A9567F9C7572C18E520B3BF712BB2630B3931A503D647BAEDF48DF470006312D07984216578B60526E5EE6137EF1FD215190A0C
    RIPEMD-160      E312CE59FC849A35E0E56951DF4A66E272251546
    LM            4FB7D301186E0EB3
    NT            8034586795EBAF0427CC3417EBEA341C
    MySQL323      494211B74DAA7A12
    MySQLSHA1      34FD07B148CCA9FCB2BE6C2EA20689053E748B13
    Cisco PIX            c41Lt0h2KZDDRftB

    With a unix password, it will be salted, and there are typically- there are 4096 salts for any unix password- but the first 2 char's are the salt, and this will add time, even though the salt is known... you still have to encrypt each word in a dictionary file with the salt and the word from the dict- doesn't add much time to the cracking however as the salt is known.

    basiclly, you shouldn't get the same hash from the same password, very often if at all... but if you had 100 users with the same pass, each with a different hash for the same pass, they will fall quickly, but not as quick as they would if you were encrypting them in an Unsalted algo.

    While I've not found one yet for *nix, there are rainbowtables that can be used to precompute all possible hash's, and then all you do is search through the file for them, makes cracking take seconds to a few minutes on windows hash's, md5 sha1 etc...
    Otherwise, BF using JohnTheRipper is very fast with a proper dictionary, and good rules added to the john.conf file. I realize it's not what your asking, but as other have indicated your match looks correct.
    LVL 3

    Expert Comment

    Your maths looks correct but you have to take into account other things like the chances of the password your looking for having as much chance of being at the start of your guesses at the end. Its very unlikely they will ever need to go through ALL combinations of a password.

    Also as EnigmaticFractal pointed out if somebody really wants to go to the effort of cracking a 10 char password they could substantually cut down the cracking time by distrobuting out the password cracking to computer clusters (which is what FBI etc use to get into siezed PC's etc). And precomputated hashes would cut the time down (what we use at work on for audit purposes).
    LVL 51

    Expert Comment

    assume that all 10 characters are the last one of your 95 range, then your calculation is correct
    assume that all 10 are the first one of your range, and it takes less than asecond to crack

    so it depends on the sequence of your characters and the algorithm how to permutate them how long you need to test,
    statistically always 296653/2 years

    Author Comment

    Thanks for your responses everyone.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Join & Write a Comment

    When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
    Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now