
Thread: encryption/cracking

  1. #1
    Join Date
    Jul 2004


    I was wondering if anyone knew if there was a program out there that people could get ahold of to crack passwords. I don't mean by brute force, I mean a REAL cracker that goes through every single integer/char, even possibly ASCII chars (optional?), up to 24 chars to crack said password. I'm worried about starting websites etc etc and having someone crack my passwords, let alone my universal password I use for certain things. Kind of new to encryption so I can give much more info on what I'm talking about. Also, does anyone know of a reliable site etc to get high level encryption source etc in case I start developing again (I'm behind in times ;\ )

  2. #2
    Join Date
    Nov 2004
    Isn't that essentially a brute force cracker? I thought that was how they worked; by trying every possible combination of bits to find the correct one.
    If everything looks perfect, then there is something you don't know

  3. #3
    Join Date
    Jul 2004
    The original brute force cracker I remember was a dictionary cracker.

  4. #4
    They call me the Hunted foxyloxley
    Join Date
    Nov 2003
    3rd Rock from Sun
    let alone my universal password i use for certain things
    You can stop THIS for a start ........
    then you will automatically be more secure, because the 'turd' will have to force EVERY password ...............

    You cannot remain safe behind static defences
    so you have to start utilising good STRONG passwords / passphrases AND change them on a regular basis [30 / 60 / 90 day cycles]

    the turds are a part of our online life nowadays, so why make it any easier for them than you absolutely HAVE to ?
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  5. #5

    brute force

    A dictionary attack is not a brute-force attack. Brute-force attacks
    by definition try every single possibility [exhaustive search] whereas
    a dictionary attack narrows down the possibilities [in this case to the
    words in the dictionary] - of course on that level of sophistication you
    now have bruteforce dictionary attacks versus other dictionary attacks
    that add another layer of elegance and efficiency.
    A good password would be long and contain non-alphabetic characters
    since a permutation attack would take forever. Like an encrypting key,
    a password's strength is based on two factors: length and symbol space.
    The symbol space is those characters that can be used [i.e., all ASCII
    characters] and the length is how many characters. The length actually
    affects the strength more since the permutation count equals:
    (symbol space)^(length)
    Dr MindHacker
    Open Source Developer

  6. #6
    Senior Member nihil
    Join Date
    Jul 2003
    United Kingdom: Bridlington
    Perhaps the greatest threat would be from "rainbow tables", which are essentially precomputed brute force password cracks. They greatly speed up the process.

    However they require considerable resource to compute and massive storage space. I would go along with Dr MindHacker in that length is more important than complexity (provided that you are not using dictionary words). The most commonly available tables only go up to 14 characters or so, and take up 60Gb of disk space.

    You must now ask yourself where the attack is likely to come from. If it is skiddies then a 24 character password should be strong enough, as they are unlikely to have the tables to crack that.

    If it is the FEDs you are SOL

  7. #7
    Yea, Rainbow Tables are very similar to what I used in
    my cipher cracker - I have a static set of files [up to 30 MB]
    of generated patterns that reduces the computation time
    in terms of pattern extraction and pattern searching...
    However, unless you plan on running an ecommerce site,
    I doubt you'll have any worries about it being hacked except
    by script kiddies.
    Dr MindHacker
    Open Source Developer

  8. #8
    Join Date
    Jun 2005

    The problem with what you are describing is the maths. Essentially, an enumerator program (which can be quite easily written using C++ for example using a data structure to hold 24 x 255 sets of characters and use a recursive function to odometerize the selection) has to deal with every permutation of ASCII up to 24 slots which is mathematically equal to 255^24, i.e. there are 255(1) x 255(2) x 255(3)...x255(24) choices. And this is before you move into unicode.

    You then have to hash the results according to whatever method is being used to encrypt to produce your rainbow tables and then sort these for fast searching. Obviously there are different rainbow tables for MD5 etc. Finally, as someone else pointed out, you have to store the results.

    As you can imagine, you need fairly powerful and/or multi-distributed computing power to undertake this kind of task. Which is why the rainbow project has taken a number of years to complete.

    And the project runs into mud at this point because as fast as you can hash, new hashing techniques can be created and applied. eg. MD6 is coming out soon, if it hasn't already.

    Of course there is a limit to how much computing power exists, both economically and in terms of the laws of physics. Moore's law determines that computing power grows exponentially each decade but thereby also sets a limit on the growth of computing power in any one decade. Boltzmann's limit determines that as the amount of power required to compute approaches the energy output of the sun, computing ability will rapidly tail off. Somewhere between these two is a theoretical maximum of computing power. Materials science also affects the outcome. There is only so much silicon out there so new materials will be required soon (already happening).

    As this point is approached, efficiency rather than brute force effectiveness will be required. This already happens of course because economic limits are approached sooner in each decade than physical ones. For example, elliptic curve and knapsack cryptography is more efficient than using RSA based methods, although public/private key systems are still less efficient than symmetrical key cryptography whatever method is used. What smart aleck said quantum just there now under their breath?

    So you are welcome to writing such a program but see you next decade if you are planning on running it with any degree of seriousness.

    The low hanging fruit of password cracking is social engineering. It is always faster and easier to breach protocol than technology.

    Yurt Ennez
    No one can foresee the consequences of being clever.
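
The arithmetic from posts #5 and #8, worked through as an added example that is not part of any post in the thread: it applies (symbol space)^(length) to compare length against alphabet size and to size an exhaustive search "up to 24 slots". The guessing rate and the one-digest-per-candidate table layout are assumptions chosen for illustration; a real rainbow table stores less than this naive table.

```python
import math
import string

# Assumed figures for illustration only; neither comes from the thread.
GUESSES_PER_SECOND = 10**10   # hypothetical offline guessing rate
DIGEST_BYTES = 16             # one MD5 digest (MD5 is the hash named in post #8)

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

def symbol_space(password):
    """Estimate the symbol space from the character classes a password uses."""
    if any(all(ch not in c for c in CLASSES) for ch in password):
        return 255  # outside printable ASCII: use post #8's 255-value space
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def keyspace(symbols, length, up_to=False):
    """(symbol space)^(length); with up_to=True, summed over lengths 1..length."""
    if up_to:
        return sum(symbols ** n for n in range(1, length + 1))
    return symbols ** length

def report(symbols, length):
    """Cost of trying every candidate of 1..length characters."""
    total = keyspace(symbols, length, up_to=True)
    return {
        "bits": round(math.log2(total), 1),
        "years_to_exhaust": total / GUESSES_PER_SECOND / (365 * 24 * 3600),
        # Naive full lookup table: an upper bound, not a rainbow-table size.
        "full_table_bytes": total * DIGEST_BYTES,
    }

def length_beats_alphabet(symbols, length):
    """Post #5's claim: doubling the length beats doubling the symbol space."""
    return keyspace(symbols, 2 * length) > keyspace(2 * symbols, length)

if __name__ == "__main__":
    for pw in ("password", "Passw0rd!"):          # constructed sample inputs
        print(pw, symbol_space(pw), report(symbol_space(pw), len(pw)))
    print("255 symbols, up to 24:", report(255, 24))
    print("length beats alphabet (26, 8):", length_beats_alphabet(26, 8))
```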

  9. #9
    lol... my program [kernel at least] is specifically for monoalphabetic substitution ciphers - not
    a "serious" cracker. I began it out of curiosity and combining my two
    interests: coding and crypto.
    I do believe it is the most efficient algorithm for *its* purpose - not modern
    cryptanalytic attacks.

    Dr MindHacker
    Open Source Developer

  10. #10
    Join Date
    Nov 2005
    I'm sure there's a program that does what you want, basically all it is, is a series of nested loops depending on how many characters you want to use, just going up through the ASCII table from your start char to your end char. I tossed together a small Java example of what you seem to want.
    public class cracker {
    	public cracker() {
    	}
    	public static void main(String args[]) {
    		// printable ASCII range: '!' (33) through '~' (126)
    		final char start = 33;
    		final char end = 127;
    		// one nested loop per character position; prints every 3-character string
    		for(char one = start; one < end; one++) {
    			for(char two = start; two < end; two++) {
    				for(char three = start; three < end; three++) {
    					System.out.println(one + "" + two + "" + three);
    				}
    			}
    		}
    	}
    }
    ascii table for reference: http://www.lookuptables.com/
