-
December 31st, 2005, 12:10 AM
#1
Banned
encryption/cracking
i was wondering if anyone knew if there was a program out there that people could get ahold of to crack passwords. i don't mean by brute force, i mean a REAL cracker that goes through every single integer/char even possibly ascii chars(optional?) up to 24 chars to crack said password. im worried about starting websites etc etc and having someone crack my passwords, let alone my universal password i use for certain things. kind of new to encryption so i can give much more info on what im talking about. also does anyone know of a reliable site etc to get high level encryption source etc in case i start developing again (im behind in times;\ )
-
December 31st, 2005, 12:20 AM
#2
Isn't that essentialy a brute force cracker? I thought that was how they worked; by trying every possible combination of bits to find the correct one.
If everything looks perfect, then there is something you don\'t know
-
December 31st, 2005, 12:28 AM
#3
Banned
the original brute force cracker i remember was a dictionary cracker.
-
December 31st, 2005, 12:50 AM
#4
let alone my universal password i use for certain things
You can stop THIS for a start ........
then you will automatically be more secure, because the 'turd' will have to force EVERY password ...............
You cannot remain safe behind static defences
so you have to start utilising good STRONG passwords / passphrases AND change them on a regular basis [30 / 60 / 90 day cycles]
the turds are a part of our online life nowadays, so why make it any easier for them than you absolutely HAVE to ?
so now I'm in my SIXTIES FFS
WTAF, how did that happen, so no more alterations to the sig, it will remain as is now
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
-
January 1st, 2006, 04:00 PM
#5
Junior Member
brute force
A dictionary attack is not a brute-force attack. Brute-force attacks
by definition try every single possibility [exhaustive search] whereas
a dictionary attack narrows down the possiblities [in this case to the
words in the dictionary] - of course on that level of sophistication you
now have bruteforce dictionary attacks versus other dictionary attacks
that add another layer of elegance and efficiency.
A good password would be long and contain non-alphabetic characters
since a permutation attack would take forever. Like an encrypting key,
a passwords strength is based on two factors: length and symbol space.
The symbols space is those characters that can be used [i.e., all ASCII
characters] and the length is how many characters. The length actually
affects the strength more since the permutation count equals:
(symbol space)^(length)
Dr MindHacker
Open Source Developer
http://www.cjb.cc/members/evercrack/index.html
http://www.sourceforge.net/projects/evercrack/
-
January 1st, 2006, 04:20 PM
#6
Perhaps the greatest threat would be from "rainbow tables", which are essentially precomputed brute force password cracks. They greatly speed up the process.
However they require considerable resource to compute and massive storage space. I would go along with Dr MindHacker in that length is more important than complexity (provided that you are not using dictionary words). The most commonly available tables only go up to 14 characters or so, and take up 60Gb of disk space.
You must now ask yourself where the attack is likely to come from? if it is skiddies then a 24 character password should be strong enough, as they are unlikely to have the tables to crack that.
If it is the FEDs you are SOL
-
January 1st, 2006, 05:34 PM
#7
Junior Member
Yea, Rainbow Tables are very similar to what I used in
my cipher cracker - I have a static set of files [up to 30 MB]
of generated patterns that reduces the computation time
in terms of pattern extraction and pattern searching...
However, unless you plan on running an ecommerce site,
I doubt you'll have any worries about it being hacked except
by script kiddes.
Dr MindHacker
Open Source Developer
http://www.cjb.cc/members/evercrack/index.html
http://www.sourceforge.net/projects/evercrack/
-
January 3rd, 2006, 12:30 PM
#8
Member
Hi,
The problem with what you are describing is the maths. Essentially, an ennumerator program (which can be quite easily written using C++ for example using a data structure to hold 24 x 255 sets of characters and use a recursive function to odometerize the selection) has to deal with every permutation of ASCII up to 24 slots which is mathematically equal to 255^24 i.e there are 255(1) x 255(2) x 255(3)...x255(24) choices. And this is before you move into unicode.
You then have to hash the results according to whatever method is being used to encrypt to produce your rainbow tables and then sort these for fast searching. Obviously there are different rainbow tables for MD5 etc. Finally, as someone else pointed out, you have to store the results.
As you can imagine, you need fairly powerful and/or multi-distributed computing power to undertake this kind of task. Which is why the rainbow project has taken a number of years to complete.
And the project runs into mud at this point because as fast as you can hash, new hashing techniques can be created and applied. eg. MD6 is coming out soon, if it hasn't already.
Of course there is a limit to how much computing power exists, both economically and in terms of the laws of physics. Moore's law determines that computing power grows exponentially each decade but thereby also sets a limit on the growth of computing power in any one decade. Boltzmann's limit determines that as the amount of power required to compute approaches the energy output of the sun, computing ability will rapidly tail off. Somewhere between these two is a theoric maximum of computing power. Materials science also affects the outcome. There is only so much silicon out there so new materials will be required soon (already happening).
As this point is approached, efficiency rather than brute force effectiveness will be required. This already happens of course because economic limits are approached sooner in each decade than physical ones. For example, elliptic curve and knapsack cryptography is more efficent than using RSA based methods, although public/private key systems are still less efficient than symmetrical key cryptography whatever method is used. What smart aleck said quantum just there now under their breath?
So you are welcome to writing such a program but see you next decade if you are planning on running it with any degree of seriousness.
The low hanging fruit of password cracking is social engineering. It is always faster and easier to breach protocol than technology.
Yurt Ennez
No one can foresee the consequences of being clever.
-
January 3rd, 2006, 02:39 PM
#9
Junior Member
lol... my program [kernel at least] is specifically for monoalphabetic substitution ciphers - not
a "serious" cracker. I wrote begain it out of curiosity and combining my two
interestests: coding and crypto.
I do believe it is the most efficient algorithm for *its* purpose - not modern
cryptanalytic attacks.
Dr MindHacke
Dr MindHacker
Open Source Developer
http://www.cjb.cc/members/evercrack/index.html
http://www.sourceforge.net/projects/evercrack/
-
January 3rd, 2006, 03:50 PM
#10
i'm sure there's a program that does what you want, basically all it is, is a series of nested loops depending on how many characters you want to use, just going up through the ascii table from your start char to your end char. i tossed together a small java example of what you seem to want.
Code:
public class cracker {
public cracker() {
}
public static void main(String args[]) {
final char start = 33;
final char end = 127;
for(char one = start; one < end; one++) {
for(char two = start; two < end; two++) {
for(char three = start; three < end; three++) {
System.out.println(one + "" + two + "" + three);
}
}
}
}
}
ascii table for reference: http://www.lookuptables.com/
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|