Bay 12 Games Forum

Please login or register.

Login with username, password and session length
Advanced search  
Pages: 1 2 [3] 4 5 6

Author Topic: Password Breaker  (Read 7006 times)

Jookia

  • Bay Watcher
    • View Profile
Re: Password Breaker
« Reply #30 on: March 14, 2010, 03:21:13 pm »

If it were words, a dictionary attack would work great.

Also, I stopped math at grade 5 and even then I didn't know the basic multiplication and subtrcation.
Logged

G-Flex

  • Bay Watcher
    • View Profile
Re: Password Breaker
« Reply #31 on: March 14, 2010, 06:49:13 pm »

There seems to be an assumption that the brute force script has to get through every possible password combination before finding the right one.

I wasn't assuming this in my calculations. I was trying to find a number of tries necessary for you to have a 50% chance of finding it. Obviously, yeah, you can get it before then, but you can't count on it.


However, my probabilities for finding it WERE a little on the low side, due to something I just realized: They assume that you're trying random passwords each time, which you're not, since you aren't going to try the same password more than once. I forgot to account for that, and it might make a significant difference.
Logged
There are 2 types of people in the world: Those who understand hexadecimal, and those who don't.
Visit the #Bay12Games IRC channel on NewNet
== Human Renovation: My Deus Ex mod/fan patch (v1.30, updated 5/31/2012) ==

The Scout

  • Bay Watcher
  • ?????
    • View Profile
Re: Password Breaker
« Reply #32 on: March 16, 2010, 03:41:25 pm »

Any other methods?
Logged
Whatever you do, don't agree to stop looking at pornography or getting help from Jesus.
"mind if I sig this"
 - Person who isn't actually going to put that in their sig

G-Flex

  • Bay Watcher
    • View Profile
Re: Password Breaker
« Reply #33 on: March 16, 2010, 03:42:39 pm »

Why do you need other methods? I linked you to a tool that can recover the password for you in what is probably a very small amount of time.
Logged
There are 2 types of people in the world: Those who understand hexadecimal, and those who don't.
Visit the #Bay12Games IRC channel on NewNet
== Human Renovation: My Deus Ex mod/fan patch (v1.30, updated 5/31/2012) ==

kcwong

  • Bay Watcher
    • View Profile
Re: Password Breaker
« Reply #34 on: March 17, 2010, 12:33:33 am »

We were having this conversation on /g/ last night. Some script kiddie wanted to break a 20 character long password that contained only letters (uppercase and lowercase) and thought he was hot shit using 60 computers at once to do the cracking. The math worked out to be it'd take him the region of a couple billion years to get it. Using just one computer would mean he'd have to calculate past the heat death of the universe.

With a realistic setup he won't be able to crack even a 5 characters long alphabetic password.

Password retry count. Fail to authenticate a few times, and the account is blocked.

Windows/Active Directory can be configured not to block account (to minimize admin efforts), and instead introduces a time delay when you fail to authenticate several times in a row. The delay will grow faster and faster as you keep trying.
Logged

Shades

  • Bay Watcher
    • View Profile
Re: Password Breaker
« Reply #35 on: March 17, 2010, 06:15:44 am »

In this case he has access to the system though so it can be done much much faster. For example Philippe Oechslin recently used hashed lookup tables on a single machine and was processing over 300 billion attempts a second.

Which means a 14 character random password takes around 5.3 seconds. (This was windows XP password hashes, not sure how different vista or windows 7 ones are, also it ignores the fact you can just elevate your privileges programmaticly too)

Technically this is a dictionary attack not a brute force, but the dictionary contains the hash for every password in the search space. (Just like if you search on google with an md5 or sha1 hash for your password it'll tell you what the original word was and a reason people should learn to use salts)
Logged
Its like playing god with sentient legos. - They Got Leader
[Dwarf Fortress] plays like a dizzyingly complex hybrid of Dungeon Keeper and The Sims, if all your little people were manic-depressive alcoholics. - tv tropes
You don't use science to show that you're right, you use science to become right. - xkcd

Blacken

  • Bay Watcher
  • Orange Polar Bear
    • View Profile
Re: Password Breaker
« Reply #36 on: March 17, 2010, 11:32:50 am »

But salting is hard! :(

Logged
"There's vermin fish, which fisherdwarves catch, and animal fish, which catch fisherdwarves." - Flame11235

SHAD0Wdump

  • Bay Watcher
  • Hiding in SPAAACE!!!
    • View Profile
Re: Password Breaker
« Reply #37 on: March 17, 2010, 12:23:19 pm »

But salting is hard! :(
Heres a hint, don't turn the shaker upside down. Instead turn it on it's side.
Logged

Shades

  • Bay Watcher
    • View Profile
Re: Password Breaker
« Reply #38 on: March 18, 2010, 03:07:43 am »

But salting is hard! :(

I assume your joking? But I don't get it  :) This might be because I've not had sleep this week and my b brain isn't working well.
Logged
Its like playing god with sentient legos. - They Got Leader
[Dwarf Fortress] plays like a dizzyingly complex hybrid of Dungeon Keeper and The Sims, if all your little people were manic-depressive alcoholics. - tv tropes
You don't use science to show that you're right, you use science to become right. - xkcd

Blacken

  • Bay Watcher
  • Orange Polar Bear
    • View Profile
Re: Password Breaker
« Reply #39 on: March 18, 2010, 10:44:05 am »

But salting is hard! :(

I assume your joking? But I don't get it  :) This might be because I've not had sleep this week and my b brain isn't working well.
I'm currently working on un-screwing some dumbass's web code. That was his reason for not following anything remotely close to modern best practices.
Logged
"There's vermin fish, which fisherdwarves catch, and animal fish, which catch fisherdwarves." - Flame11235

RandomNumberGenerator

  • Bay Watcher
  • Nope.
    • View Profile
Re: Password Breaker
« Reply #40 on: March 18, 2010, 03:14:28 pm »

How are you guys getting the probability of these figures? I'm no math student, so I can't figure it out myself (I've been trying 26*25*24*23 like I learned in Grade 11, the last year I ever touched math, but that's tedious and leaves me to flounder a lot. Also, it's incorrect).

I think it's 26*26*26*26*26 [...] for a password that's all uppercase letters, then 52*52*52*52*52 [...] for upper and lowercase... add in numbers and characters makes it even more complex.
Logged
The end of the world is more fun then I expected.

Ninteen45

  • Bay Watcher
    • View Profile
Re: Password Breaker
« Reply #41 on: March 18, 2010, 03:30:01 pm »

...assuming that all passwords on the internet are ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ.
Logged
Max characters: 500; characters remaining: 395
Images in your signature must be no higher than 80 pixels.

Virex

  • Bay Watcher
  • Subjects interest attracted. Annalyses pending...
    • View Profile
Re: Password Breaker
« Reply #42 on: March 18, 2010, 07:09:21 pm »

You're right, but to calculate the chance you're looking for you've probably got to use a recursive formula and devising one is making my headcrab hurt right now. I';ll probably attempt to give you a meaningfull awnser tommorow
« Last Edit: March 18, 2010, 07:17:48 pm by Virex »
Logged

G-Flex

  • Bay Watcher
    • View Profile
Re: Password Breaker
« Reply #43 on: March 18, 2010, 10:19:56 pm »

How are you guys getting the probability of these figures? I'm no math student, so I can't figure it out myself (I've been trying 26*25*24*23 like I learned in Grade 11, the last year I ever touched math, but that's tedious and leaves me to flounder a lot. Also, it's incorrect).

I think it's 26*26*26*26*26 [...] for a password that's all uppercase letters, then 52*52*52*52*52 [...] for upper and lowercase... add in numbers and characters makes it even more complex.

That's for the number of possibilities, yes (n^m, where n is the number of characters in the set you're choosing from and m is the amount of characters that compose the string.. same as with numbers or anything else, really), but not for the probability of getting it right within a certain number of tries.

Imagine you're trying to pick a certain card out of a deck. There are 52 possibilities. The first time you pick, you have a 1/52 chance of getting it right (and 51/52 of getting it right). The second time you pick, you've already limited a possibility, so now you're picking from a pool of the 51 left over, so you have a 1/51 chance of getting it right that time (50/51 of getting it wrong).

So, your chance of getting it wrong after seven tries is:
(51/52)*(50/51)*(49/50)*(48/49)*(47/48)*(46/47)*(45/46)

The same logic applies to cracking a password, unless you're clueless enough to attempt the same password twice (a mistake I accidentally made in my original math, since I was assuming you were trying random passwords each time.. which is because, because you're not; you're eliminating the ones you've already tried).

You could represent the above using a product series to make it look nicer, but you get the point.


If you just want to know how long it would take to have a 50% chance of getting it right, that's easier, since intuitively it's obvious (and happens to be correct) that if you try half of the possibilities, you have 50% chance of getting it right by the time you've tried that many. Of course, there's also a chance you'll get it right long before then, or long after; that 50% chance isn't the chance that you'll get it right on the exact try when you've exhausted half the possibilities, just the chance that you'll have gotten it right by that time.
Logged
There are 2 types of people in the world: Those who understand hexadecimal, and those who don't.
Visit the #Bay12Games IRC channel on NewNet
== Human Renovation: My Deus Ex mod/fan patch (v1.30, updated 5/31/2012) ==

Soadreqm

  • Bay Watcher
  • I'm okay with this. I'm okay with a lot of things.
    • View Profile
Re: Password Breaker
« Reply #44 on: March 19, 2010, 04:32:24 pm »

I have another method! ;D

1) Install Linux. You don't really have to install it, just run it off a live CD or something.
2) Back up all relevant game files, and everything else you don't want to permanently lose. An external hard drive would be good here, but you can make do with USB memory sticks or blank CDs if that's all you have.
3) Reinstall Windows. Define new password. Write the fucking password down on a slip of paper so you don't forget it again.
4) Put all the backed-up stuff back.
5) Of course, your registry's borked now.
6) Let that be a lesson to you.

Actually, does repair-installing windows or whatever let you reset the admin password? I forget. If yes, you can skip steps 1) and 2). The point is that breaking the password is not necessary since the files aren't actually encrypted or anything.
Logged
Pages: 1 2 [3] 4 5 6