Quite often people ask me to bruteforce a hash for them. My usual response, after the obligatory “where did you get the hash from?”, is “I’ll run a few dictionaries against it unless you provide me with a charset and length!”
For those who don’t understand, it needs to be made clear exactly what bruteforce cracking means.
Let’s just say we have a four-character PIN that can only contain digits; we know that there are 10,000 (10^4) combinations that we can try: 0000 all the way through to 9999. This is obvious to most people, so why isn’t it obvious when we also use letters and special characters?
An 8-character password of just UPPERCASE characters has 26 possibilities per character position (lengths 1-7 not included). That’s 208,827,064,576 possible password combinations, more easily written as 26^8.
Now let’s just say they know the password is 7 characters but don’t know what character sets it contains. That means I’ll have to include a-z, A-Z, 0-9 and special characters !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~.
That’s 92 (26 + 26 + 10 + 30) possible values per character position, leading to an incredible 55,784,660,123,648 possible combinations (92^7). And if they don’t know how long the password is, what do I try? 1 character is just 92 possible combinations, but as the length grows so does the number of possible combinations, exponentially! And don’t forget that attempting to crack a password of up to length 6 also includes the possibilities of lengths 1, 2, 3, 4 & 5!
- length 1 = 92^1 = 92
- length 2 = 92^2 = 8464
- length 3 = 92^3 = 778688
- length 4 = 92^4 = 71639296
- length 5 = 92^5 = 6590815232
- length 6 = 92^6 = 606355001344
- length 7 = 92^7 = 55784660123648
- length 8 = 92^8 = 5132188731375616
- length 9 = 92^9 = 472161363286556672
- length 10 = 92^10 = 43438845422363213824
- length 11 = 92^11 = 3996373778857415671808
- length 12 = 92^12 = 367666387654882241806336
- length 13 = 92^13 = 33825307664249166246182912
- length 14 = 92^14 = 3111928305110923294648827904
- length 15 = 92^15 = 286297404070204943107692167168
I hope this has given an understanding of what “bruteforcing a hash” really means. To reduce the keyspace it’s worth trying a more sophisticated attack, such as a capital as the first letter, then lowercase, followed by a digit or two; doing this massively reduces the attack time and allows much quicker cracking when using the GPU.
Oh, and before I forget, don’t even get me started on the possibilities of using Russian, French or German characters, let alone the non-printable characters between 0xc0 and 0xff as well!
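The arithmetic above as an added example (not code from the original post): it sums the keyspace over every length up to a maximum and compares it with the capital, lowercase, trailing-digit pattern, which shows how little search space a predictable password shape leaves. The class letters `U`, `L`, `D`, `S`, `A`, the function names and the guess rate are assumptions made for this illustration; the class sizes are the post's own counts.

```python
# Added example: keyspace arithmetic for the figures in this post.
# Class sizes follow the post's counts (26 + 26 + 10 + 30 = 92).
CLASS_SIZES = {"U": 26, "L": 26, "D": 10, "S": 30}
CLASS_SIZES["A"] = sum(CLASS_SIZES.values())  # "A" = any of the 92 values

ASSUMED_RATE = 10_000_000_000  # guesses per second; an assumption, not a benchmark


def mask_keyspace(mask: str) -> int:
    """Candidates for one fixed pattern, e.g. 'ULLLLLD' (hypothetical notation)."""
    total = 1
    for symbol in mask:
        if symbol not in CLASS_SIZES:
            raise ValueError(f"unknown class symbol: {symbol!r}")
        total *= CLASS_SIZES[symbol]
    return total


def cumulative_keyspace(charset_size: int, max_len: int) -> int:
    """All candidates of length 1..max_len: unknown length means trying each one."""
    return sum(charset_size ** n for n in range(1, max_len + 1))


def pattern_keyspace(total_len: int, digit_counts=(1, 2)) -> int:
    """Capital first, lowercase in the middle, then 1 or 2 trailing digits."""
    total = 0
    for digits in digit_counts:
        lowers = total_len - 1 - digits
        if lowers < 0:
            continue  # the pattern does not fit in this length
        total += mask_keyspace("U" + "L" * lowers + "D" * digits)
    return total


def worst_case_days(keyspace: int, rate: int = ASSUMED_RATE) -> float:
    """Days to exhaust the keyspace at the assumed guess rate."""
    return keyspace / rate / 86_400


if __name__ == "__main__":
    for length in (7, 8, 10):
        full = cumulative_keyspace(CLASS_SIZES["A"], length)
        patt = pattern_keyspace(length)
        print(f"len<={length}: full={full:,} ({worst_case_days(full):,.1f} d)  "
              f"pattern(len={length})={patt:,} ({worst_case_days(patt):.6f} d)  "
              f"ratio={full // patt:,}x")
```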