Viper 1.4 - Cracking UNIX Passwords Brute Force - Page 2
combinations we need to check. Using the example of a password with a maximum of 8 characters (all lower case), we can calculate the total number of combinations (example for the 26 lowercase letters of the English alphabet):
= 217,180,147,158 combinations! Considering that passwords not only have lowercase characters, but can be a mixture of lowercase, uppercase, numbers and special characters, the number of combinations to search increases drastically (see table).
Search spaces for other character sets:
In order to go through the vast search space as fast as possible, it is important to increase the hash computation speed. For the standard UNIX 'crypt' hash generation, the UFC-crypt package is optimized for different hardware with 32-bit and 64-bit CPUs. Adding a counter and a timer to the crack program will tell how many 'crypts' (and comparisons) can be done per second, giving us an estimate of the total time needed to search through all combinations of a character set. Compiling the program on different hardware and operating systems will give us an idea of how systems compare in their speed for cracking passwords. The first results on a 650 MHz Pentium III system showed a consistent 50,000 c/s (cracks per second).
Let's calculate the time for all combinations:
total # combinations / 50,000 cracks/sec = total number of seconds needed
5656642206396600 / 50,000 cracks/sec = 113132844128 secs
/ 86,400 (secs per day) = 1309408 days
/ 365 (days per year) = 3587 years !!!
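The same estimate as an added example (not part of the Viper documentation or code), turned around for sizing a password policy: given a measured c/s rate, how long must a password be before the full search exceeds a target time? The function names, the charset list and the 100-year target are constructed; the 93-character set size is an assumption, chosen because it reproduces the 5656642206396600 figure above for lengths 1 to 8.

```python
# Added example (not Viper code): size an exhaustive search the way the page does.
SECS_PER_DAY = 86_400
DAYS_PER_YEAR = 365          # same convention as the page's calculation
PAGE_RATE = 50_000           # c/s the page reports for a 650 MHz Pentium III


def search_space(charset_size, max_len, min_len=1):
    """Count every candidate of length min_len..max_len over the charset."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def exhaust_years(combinations, rate=PAGE_RATE):
    """Years needed to try every candidate at `rate` crypts per second."""
    return combinations / rate / SECS_PER_DAY / DAYS_PER_YEAR


def min_length_for(charset_size, target_years, rate=PAGE_RATE, limit=64):
    """Smallest maximum length whose full search takes at least target_years."""
    needed = target_years * DAYS_PER_YEAR * SECS_PER_DAY * rate
    total = 0
    for length in range(1, limit + 1):
        total += charset_size ** length
        if total >= needed:
            return length
    raise ValueError("target not reachable within the length limit")


def report(rate=PAGE_RATE, max_len=8, target_years=100):
    """Rows of (label, size, combinations, years, min length for target)."""
    # Constructed charset sizes; 93 is an assumption (see the lead-in).
    charsets = [("digits", 10), ("lowercase", 26), ("lower+upper", 52),
                ("alphanumeric", 62), ("assumed 93-char set", 93)]
    rows = []
    for label, size in charsets:
        combos = search_space(size, max_len)
        rows.append((label, size, combos, exhaust_years(combos, rate),
                     min_length_for(size, target_years, rate)))
    return rows


if __name__ == "__main__":
    for label, size, combos, years, need in report():
        print(f"{label:20} {size:3} {combos:>20,} {years:12.1f} years  "
              f"len>={need} for 100 years")
```

Pass a rate measured with the counter and timer on the hardware of interest as `rate` to redo the table for that system.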