{"id":755,"date":"2012-06-15T16:12:56","date_gmt":"2012-06-15T15:12:56","guid":{"rendered":"http:\/\/www.phillips321.co.uk\/?p=755"},"modified":"2012-08-30T12:47:23","modified_gmt":"2012-08-30T11:47:23","slug":"password-bruteforcing-just-how-many-attempts","status":"publish","type":"post","link":"https:\/\/www.phillips321.co.uk\/2012\/06\/15\/password-bruteforcing-just-how-many-attempts\/","title":{"rendered":"Password Bruteforcing &#8211; Just how many attempts???"},"content":{"rendered":"<p>Quite often people ask me to bruteforce a hash for them. My usual response, after the obligatory <em>where did you get the hash from<\/em>?, is <strong>&#8220;I&#8217;ll run a few dictionaries against it unless you provide me with a charset and length!&#8221;<\/strong><\/p>\n<p>For those who don&#8217;t understand, it needs to be made clear exactly what bruteforce cracking means.<\/p>\n<p>Let&#8217;s just say we have a four-character PIN that can only contain digits; we know that there are 10,000 (10<sup>4<\/sup>) combinations that we can try: 0000 all the way through to 9999. This is obvious to most people, so why isn&#8217;t it obvious when we also use letters and special characters?<\/p>\n<p>An 8-character password of just UPPERCASE characters has 26 possibilities per character position (lengths 1-7 not included). That&#8217;s 208,827,064,576 possible password combinations, or more compactly 26<sup>8<\/sup>.<\/p>\n<p>Now let&#8217;s just say they know the password is 7 characters but don&#8217;t know what character sets it contains; it means I&#8217;ll have to include a-z, A-Z, 0-9 and special characters <strong>!&quot;#$%&#038;'()*+,-.\/:;&lt;=&gt;?@[\\]^_`{|}~<\/strong>.<\/p>\n<p>That&#8217;s 92 (26 + 26 + 10 + 30) possible values per character position, leading to an incredible 55,784,660,123,648 possible combinations (92<sup>7<\/sup>). And if they don&#8217;t know how long the password is, what do I try?
1 character is just 92 possible combinations, but as the length grows so do the possible combinations, exponentially! And don&#8217;t forget that attempting to crack a password of up to length 6 also includes the possibilities of lengths 1, 2, 3, 4 &#038; 5!<\/p>\n<ul>\n<li>length 1 = | 92<sup>1<\/sup> | 92<\/li>\n<li>length 2 = | 92<sup>2<\/sup> | 8464<\/li>\n<li>length 3 = | 92<sup>3<\/sup> | 778688<\/li>\n<li>length 4 = | 92<sup>4<\/sup> | 71639296<\/li>\n<li>length 5 = | 92<sup>5<\/sup> | 6590815232<\/li>\n<li>length 6 = | 92<sup>6<\/sup> | 606355001344<\/li>\n<li>length 7 = | 92<sup>7<\/sup> | 55784660123648<\/li>\n<li>length 8 = | 92<sup>8<\/sup> | 5132188731375616<\/li>\n<li>length 9 = | 92<sup>9<\/sup> | 472161363286556672<\/li>\n<li>length 10= | 92<sup>10<\/sup>| 43438845422363213824<\/li>\n<li>length 11= | 92<sup>11<\/sup>| 3996373778857415671808<\/li>\n<li>length 12= | 92<sup>12<\/sup>| 367666387654882241806336<\/li>\n<li>length 13= | 92<sup>13<\/sup>| 33825307664249166246182912<\/li>\n<li>length 14= | 92<sup>14<\/sup>| 3111928305110923294648827904<\/li>\n<li>length 15= | 92<sup>15<\/sup>| 286297404070204943107692167168<\/li>\n<\/ul>\n<p>I hope this has given an understanding of what it really means when &#8220;bruteforcing a hash&#8221;.
In order to reduce the keyspace it&#8217;s worth trying a more sophisticated attack, such as a capital as the first letter, then lowercase, followed by a digit or two; doing this massively reduces the attack time and allows much quicker <a href=\"http:\/\/www.phillips321.co.uk\/2012\/06\/08\/eharmony-gpu-hash-cracking-and-pipal-analysis\/\" title=\"eHarmony GPU hash cracking and pipal analysis\" target=\"_blank\">cracking when using the GPU<\/a>.<\/p>\n<p>Oh, and before I forget, don&#8217;t even get me started on the possibilities of using Russian, French or German characters, let alone the non-printable characters between 0xc0 &#8211; 0xff as well!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Quite often people ask me to bruteforce a hash for them. My usual response after the obligatory; where did you get the hash from? is &#8220;I&#8217;ll run a few dictionaries against it unless you provide me with a charset and length!&#8221; For those that don&#8217;t understand it needs to be made clear exactly what bruteforce
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":864,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[37,290,292,182,294,183,293,291],"_links":{"self":[{"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/posts\/755"}],"collection":[{"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/comments?post=755"}],"version-history":[{"count":3,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/posts\/755\/revisions"}],"predecessor-version":[{"id":865,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/posts\/755\/revisions\/865"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/media\/864"}],"wp:attachment":[{"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/media?parent=755"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/categories?post=755"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/tags?post=755"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}