April 24th, 2005, 09:35 PM
Ok, I see where the misunderstanding lies. Iíll restate it:
Originally posted here by XTC46
this was the point I was trying to make. The guess could be off by YEARS depepnding on the passowrd. I mean if somone made their password. ABCDEFG and the scanner did that compbo right away bag, your cracked in less then a second, but if they made it !AbCdEfG! it might take a while longer.
I would like to know the time to run though the entire key space. Or, put another way, about how long would it take (ball park) if the correct password was the VERY last one tried in a brute force attack.
April 24th, 2005, 09:43 PM
XTC46 I am afraid that we both agree that Irongeek's quest is mission impossible?
It is more of a complex math model than a few simple formulae?
Anyway, as you have implied, if the answer is "somewhere between 10 seconds and 10,000 years........is that information of any practical use or relevance?
I guess that is one of the problems of probability and statistics when you have to take the whole population distribution into account
And I still haven't won the bloody national lottery (maybe I shouldn't be using john the ripper )
April 24th, 2005, 09:50 PM
Are you including the extended ASCII in the keyspace? If you are then the keyspace gets HUGE and thus the cracking time multiplies linearly.
This may help. There is an Excel Spreadsheet linked to in the top left corner that might help you get some estimations.
You have to remember that the problem has a finite answer depending on the tecgnology used. Obviously, every time a CPU gets faster the time comes down.
But also, Lophtcrack and others employ some sneaky techniques like automatic "leetspeak" substitutions during dictionary attacks with the accompanying pre and post additions. Thats a nice one because a lot of people chose a word like outcast, leetspeak it 0u+C4$+ and add a character to the front like ! making !0u+C4$+.... looks good... but the word is still outcast with leetspeak added in and the pre character.
Yes, it extends the time for a full dictionary attack quite a bit... but then again a full dictionary attack only takes a day or so depending upon the dictionary and the computer used. You'd have that password in a week on a good computer with the "enhanced" dictionary attack.
This is why I always use/recommend an extended ASCII character in passwords that you want to keep secure. Most of the password crackers aren't designed to attack the extended characters because it extends the time of crack so significantly. As a cracker i have to decide whether to attack the lower ASCII keyspace alone and see what I get or to attack the entire keyspace which extends my crack time phenomenally - BUT, if I spend the time on the lower keyspace and fail then I have to start all over... However, if I attack the entire keyspace I have to accept that I am automatically extended my crack time if it is a lower keyspace significantly.... The upshot is that by the time I crack it the user might have changed it.... But that's what encryption is all about....
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
April 24th, 2005, 09:57 PM
Tiger Shark, something like Johns -i:all, which I think is 95 characters. The formula is pretty easy if you know the approximate number of password tried per second:
I'll take a look at the sheet.
/edit:Again, whole keyspace, all possible passwords are tried as if only the last one is correct.
April 24th, 2005, 10:42 PM
I appreciate what you are saying, dictionary attacks can be pretty sneaky, particularly if they have extended intelligence.
/jk some members of AO would actually beat the system provided that it did not have fuzzy logic......their spelling would protect them jk/
I think that Irongeek is interested in bruteforcing random/selected passwords though. I just tried my AO password on that tool................4,802 years? I would bet that the FBI/Secret Service/CIA could do it inside one hour with their rainbow tables (the IRS would do it in 30 seconds, but there again, they always were greedy buggers?)
Irongeek, I see what you are saying about the theoretical calculation, but a lot can depend on where you start and how you progress? I still feel that there are a lot of subtle nuances involved here?
Thanks for the link Tiger~ that was the sort of tool I was thinking of, but it is a different one to the one I saw before............which raises an issue?
If I gave the same data to both tools, would I get the same answer...........I would have thought not, but more importantly, would there be a significant difference.
If there is a significant difference, this would lend weight to XTC46 and my own suspicions that this is rather more complex than might seem at first sight?
April 24th, 2005, 11:47 PM
Ha! Mine would take 2,503,316,488.71 days on one computer.
That's about 6.8 million years.
Even with the resources of the NSA, that's still pretty tough.
Then again, by combining words to make phrases and not just letters to make words, it might be a lot simpler...
Government is like fire - a handy servant, but a dangerous master - George Washington
Government is not reason, it is not eloquence - it is force. - George Washington.
Join the UnError
April 27th, 2005, 03:10 AM
Ok, I used Cain and got some good (very) rough estimates of what I want:
1.8Ghz P4 with 512MB of RAM
Hash Type Characters Length Time
LM Alpha Numeric Single Case 1-7 10 hours
LM All Characters Single Case 1-7 35 hours
NT Alpha Numeric Single Case 1-7 6.2 hours
NT Alpha Numeric Single Case 1-14 55,000,000 years
NT All Characters Single Case 1-7 22 Days
NT All Characters Single Case 1-14 400,000,000,000 years
April 27th, 2005, 07:40 PM
And we change them every 30 days.
Nice analysis Irongeek. Is it similar to your earlier formula?
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.
April 27th, 2005, 07:42 PM
No, it's just what Cain estimates when you run it on Windows hashes. Hopefully it's in the ball park.
April 27th, 2005, 08:00 PM
I pulled this information out of the cccure.org's domain 1 of the CISSP. I don't have a link for it as I downloaded it as a doc a long time ago, but if anyone wants the doc it is up on their site somewhere. Not related to a specified app, but still relative info.
Some examples of password strengths:
Password Type | Length | Possible combinations | Estimated Time to Crack
Alpha (Case in-sensitive) | 6 characters | 308,915,776 | Less than a minute
Alpha (case sensitive) | 6 characters | 19,770,609,664 |1 days
Alpha (case sensitive) and numeric | 6 characters | 56,800,235,584 | 3 days
Alpha (case sensitive), numeric and symbols | 6 characters | 606,355,001,344 | 5 weeks
Alpha (case sensitive), numeric and symbols | 9 characters | 472,161,363,286,556,672 | 77 thousand years
The estimates above are based on a rate of 100,000 attempts per seconds and assume that half of the key space must be searched. Notice how lengthening the password length has a dramatic effect on the size of the search space.