Waraxe IT Security Portal

_mranderson_ · Valuable expert

I was thinking, in the last few days, of a way to improve bruteforcing... here what came in my mind:

Let's define bruteforce improving:
we should aim at the most high probability to find the password using the less time possible.

well, assuming that most passwords are readable words plus (possibly) some numbers, we could improve our password-generating algorithm so that, instead of picking any possible password (thus even unreadable passwords like "abbbttk") it would generate just readable passwords..

one thing we must keep in mind is that the slower our password algorihm is the worst it is (I mean it's better to try more passwords but faster than less but a lot slower).

so, if we want to achieve this goal, we have to put rules to create readable words:
I think that a simple (and fast) rule to apply would be to never put more than 2 consonants or vocals one past another while generating the password (some letters like "h" should not be considered vocals nor consonants and others like "y" should be considered vocals), so that generated words would always fit the charset but never be unreadable (numbers could be considered vocals/consonants too, eg.: "1" is "i"/"l", "2" is "r", "3" is "e"...) thus reducing the keyspace, and conseguently the time needed to generate all the possible passwords. Of course this method should never be used untill the keyspace doesn't become big enough to be impossible to be completed (like passwords over 8-9 chars length with a charset length of 36 could be quite a pain to be completed).

Just let me know what you think, and I might implement an md5 bruteforcer that supports IPB md5(md5(salt).md5(pwd)) hashing algorithm and uses this method to bruteforce your hashes...

gyan007 · Advanced user

epro · Regular user

Yes, for thing like you said is wordlists! Bruteforce aim is to check all possibilities to find password! No clever algorithm! Just numbers, letters and special symbols!

_mranderson_ · Valuable expert

I don't think you can find a wordlist with every possible readable password of the length you choose and with the charset you want...

I mean a wordlist contains words you use in your language, not all readable words from 1 to 8 using abcdefghijklmnopqrstuvwxyz0123456789 as charset

also this method would reduce the keyspace enourmously... try to crack a 10 chars length password with numbers and letters using the standard bruteforce method.. you will need like 1000 years, with this method maybe you need 100 (that's still a lot, but it's always 1/10 of the time) and you always have a high probability of finding the password...

ThoR · Regular user

And if you use a GPU enabled approach u can cut the 100 years to 1 ^^
i personally like the idea. for passlengths of over 10 chars, i would gladly forfeit the "it will sure find it" of standard bruteforce for the, let's hope it finds it of this approach ^^

_mranderson_ · Valuable expert

Exactly, I mean wouldn't that be sweet if such GPU enable bruteforcers would let you choose to use this option or not? I don't think a --readable switch would be so hard to implement for those whome already implemented such programs.. that' would be really nice.

ThoR idk if you would be able to sugges this to the right ppl, but if you know any, pls do so. I think the most complex passwords would always be possible to be find.

For example:

a password like hi63624jk12 would be found.

6 = g
3 = e
2 = r
4 = a
1 = i/l

as you can see no more that 2 consonants/vocals would be put together in that password. so it's not true complex and long passwords wouldn't be found at all.