|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 36
Members: 0
Total: 36
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Brute forcing improving ideas... |
|
Posted: Fri Oct 31, 2008 11:10 am |
|
|
_mranderson_ |
Valuable expert |
|
|
Joined: Oct 30, 2008 |
Posts: 51 |
|
|
|
|
|
|
|
I was thinking, in the last few days, of a way to improve bruteforcing... here what came in my mind:
Let's define bruteforce improving:
we should aim at the most high probability to find the password using the less time possible.
well, assuming that most passwords are readable words plus (possibly) some numbers, we could improve our password-generating algorithm so that, instead of picking any possible password (thus even unreadable passwords like "abbbttk") it would generate just readable passwords..
one thing we must keep in mind is that the slower our password algorihm is the worst it is (I mean it's better to try more passwords but faster than less but a lot slower).
so, if we want to achieve this goal, we have to put rules to create readable words:
I think that a simple (and fast) rule to apply would be to never put more than 2 consonants or vocals one past another while generating the password (some letters like "h" should not be considered vocals nor consonants and others like "y" should be considered vocals), so that generated words would always fit the charset but never be unreadable (numbers could be considered vocals/consonants too, eg.: "1" is "i"/"l", "2" is "r", "3" is "e"...) thus reducing the keyspace, and conseguently the time needed to generate all the possible passwords. Of course this method should never be used untill the keyspace doesn't become big enough to be impossible to be completed (like passwords over 8-9 chars length with a charset length of 36 could be quite a pain to be completed).
Just let me know what you think, and I might implement an md5 bruteforcer that supports IPB md5(md5(salt).md5(pwd)) hashing algorithm and uses this method to bruteforce your hashes... |
|
|
|
|
|
|
Re: Brute forcing improving ideas... |
|
Posted: Fri Oct 31, 2008 11:30 am |
|
|
gyan007 |
Advanced user |
|
|
Joined: Oct 17, 2008 |
Posts: 106 |
|
|
|
|
|
|
|
_mranderson_ wrote: | I was thinking, in the last few days, of a way to improve bruteforcing... here what came in my mind:
Let's define bruteforce improving:
we should aim at the most high probability to find the password using the less time possible.
well, assuming that most passwords are readable words plus (possibly) some numbers, we could improve our password-generating algorithm so that, instead of picking any possible password (thus even unreadable passwords like "abbbttk") it would generate just readable passwords..
one thing we must keep in mind is that the slower our password algorihm is the worst it is (I mean it's better to try more passwords but faster than less but a lot slower).
so, if we want to achieve this goal, we have to put rules to create readable words:
I think that a simple (and fast) rule to apply would be to never put more than 2 consonants or vocals one past another while generating the password (some letters like "h" should not be considered vocals nor consonants and others like "y" should be considered vocals), so that generated words would always fit the charset but never be unreadable (numbers could be considered vocals/consonants too, eg.: "1" is "i"/"l", "2" is "r", "3" is "e"...) thus reducing the keyspace, and conseguently the time needed to generate all the possible passwords. Of course this method should never be used untill the keyspace doesn't become big enough to be impossible to be completed (like passwords over 8-9 chars length with a charset length of 36 could be quite a pain to be completed).
Just let me know what you think, and I might implement an md5 bruteforcer that supports IPB md5(md5(salt).md5(pwd)) hashing algorithm and uses this method to bruteforce your hashes... |
So... You basically mean wordlists? |
|
|
|
|
|
|
|
|
Posted: Fri Oct 31, 2008 12:38 pm |
|
|
epro |
Regular user |
|
|
Joined: Feb 11, 2008 |
Posts: 24 |
|
|
|
|
|
|
|
Yes, for thing like you said is wordlists! Bruteforce aim is to check all possibilities to find password! No clever algorithm! Just numbers, letters and special symbols! |
|
|
|
|
Posted: Fri Oct 31, 2008 1:24 pm |
|
|
_mranderson_ |
Valuable expert |
|
|
Joined: Oct 30, 2008 |
Posts: 51 |
|
|
|
|
|
|
|
I don't think you can find a wordlist with every possible readable password of the length you choose and with the charset you want...
I mean a wordlist contains words you use in your language, not all readable words from 1 to 8 using abcdefghijklmnopqrstuvwxyz0123456789 as charset
also this method would reduce the keyspace enourmously... try to crack a 10 chars length password with numbers and letters using the standard bruteforce method.. you will need like 1000 years, with this method maybe you need 100 (that's still a lot, but it's always 1/10 of the time) and you always have a high probability of finding the password... |
|
|
|
|
|
|
|
|
Posted: Fri Nov 14, 2008 12:48 pm |
|
|
ThoR |
Regular user |
|
|
Joined: Nov 13, 2008 |
Posts: 5 |
|
|
|
|
|
|
|
And if you use a GPU enabled approach u can cut the 100 years to 1 ^^
i personally like the idea. for passlengths of over 10 chars, i would gladly forfeit the "it will sure find it" of standard bruteforce for the, let's hope it finds it of this approach ^^ |
|
|
|
|
|
|
|
|
Posted: Fri Nov 14, 2008 4:59 pm |
|
|
_mranderson_ |
Valuable expert |
|
|
Joined: Oct 30, 2008 |
Posts: 51 |
|
|
|
|
|
|
|
Exactly, I mean wouldn't that be sweet if such GPU enable bruteforcers would let you choose to use this option or not? I don't think a --readable switch would be so hard to implement for those whome already implemented such programs.. that' would be really nice.
ThoR idk if you would be able to sugges this to the right ppl, but if you know any, pls do so. I think the most complex passwords would always be possible to be find.
For example:
a password like hi63624jk12 would be found.
6 = g
3 = e
2 = r
4 = a
1 = i/l
as you can see no more that 2 consonants/vocals would be put together in that password. so it's not true complex and long passwords wouldn't be found at all. |
|
|
|
|
|
www.waraxe.us Forum Index -> General discussion
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|