#### grinch

• Hero Member
• Posts: 1933
• Reputation: 187
• the digital grinch who stole your data
• iDevices: iPhone 3GS 4.3.3, HTC Evo V 4G ICS
« on: June 15, 2012, 10:35:06 am »
Password crackers work in generally one of three ways. Many modern cracking tools operate in all three methods, just not at the same time.

Dictionary attack
In a dictionary attack, the password cracking program uses a wordlist(s) called a dictionary. It takes each phrase, hashes it and compares that to the encrypted hash of the target. This is incredibly fast. A 2001 machine could test over 35 million phrases per second. That is more words than in the english language. Imagine what modern computers with fast GPUs can do. This allows crackers to use larger dictionaries, which they expand based on their knowledge of human behavior. They know people like to add a number around a word, so instead of the dictionary having just "flower" it will have "flower1" "flower2"..."flower56" "1flower" "2flower"..."56flower" etc

Brute-force attack
A Brute-force attack will try every possible permutation, within a "set", hashes each permutation, and compares the hash to the hash on the target, until it has found a match. A "set" are the parameters the attacker tells the cracking program to use. The attacker may tell the program to use lower-case alpha, UPPER-CASE alpha, 0123456789, with a maximum password length of 8 characters. The program may start "aaaaaaaa", "aaaaaaab" etc until every possibility has been tried or a match found.

How many possible passwords is it?
If you have a 4 digit(numbers) password, say the PIN code at your bank, that is 10,000 combinations possible. Explained: You have 0001 through 9999, that is 9,999 possible. Add 0000 as a possibility and that makes 10,000. Another way to express that is this: For each of the 4 positions, you have a maximum of 10 possibilities, the digits, 0 through 9. 10 possibilities in 4 positions is 10^4 (ten to the fourth power), or 10 x 10 x 10 x 10, or 10,000
With me so far?
Now lets add some lower-case alphas. 26 letters in the alphabet, plus the 10 digits, makes 36 possibilities for each position. That 4 character password can now be expressed as 36^4, or 1,679,616 total possibilities.
Lets add UPPER-CASE alphas. That is another 26 letters. So 26 UPPER-CASE, 26 lower-case, and 10 digits, is 62 possibilities. That 4 char password is now 62^4, or 14,776,336 total
Lets add some symbols. !@#\$%^&*() -_=+[]\{}|;':",./<>?~ Just using the ones on the keyboard, no high-ansi symbols, this gives 90+ possibilities. It may be 91 or 92, depending on if the grave accent ` or other characters are allowed. Space(the space bar) is also a special character and is allowed in some passwords. I generally use "90" as my number for calculations here, as there are often a few char not allowed in a password.
So now with 90 possibilities that 4 char password is now 90^4, or 65,610,000 total
This may seem like a lot, but a computer from 2001 could brute-force over 10 million passwords a second, that would take under 7 seconds. Modern machines and GPUs crack in the billions per second. Modern cracking programs boast they can check over 2.8 billion keys per second. EFF built a dedicated password cracker(high-end hardware) capable of cracking over 90 billion keys per second. Add distributed computing(the ability to use more than one machine simultaneously to accomplish the same task) and those numbers shoot up.
So what do we do? Give up? NO! Make stronger passwords!

Lets use that 90 possible from earlier, and make the password longer.
8 char pass, 90^8, 4,304,672,100,000,000. That over 4 quadrillion
8 used to be the recommended minimum. Now, 12 is the new 8
12 char pass, 90^12,  282,429,536,481,000,000,000,000, or 282+ sextillion
Now we're talking, right? Well divide that number by the measly 10,000,000 passwords per second that my old 2001 machine could crack, and that is 28242953648100000 seconds, or 895578.18 millennium, or 895,000+ thousand years.
Using 3 billion keys per second, a conservative number that most modern hardware can hit, that would take 2985.26 millennium
Much better

What can we learn from this? The trick to defeating an attacker using a password cracker, is to use a strong set. No attacker has millenniums to find a password, so they crack based on smaller sets. Password crackers rarely go after symbols, they will crack on a 62 char set, the 26 UPPER 26 lower and 10 digits, and usually for a length shorter than 12 char. Changing your password with some regularity will also help defeat them, as the password they are working so hard to crack has now been changed.

You may be saying "I can just blank the password with xyz tool" and you certainly can. But if there is encrypted data tied to that password, blanking the password will not give you access to that protected data. If stealth is a goal for the mission, blanking the password will not go well, as the target will know the password has been changed.

HASH attack aka Rainbow Table attack
The third method used is a combination of the first two. In a hash attack the cracking program loads pre-computed hashes, and compares those to the hash on the target. These hash tables, or rainbow tables as they are often called, use each possibility for a set, like brute-force, but those possibilities are hashed, and those hashes are what is loaded in the program. The program then just compares the hashes to the hashes on the target, much like a dictionary attack. It is actually faster, since the hashes(words) in the hash table (dictionary) do not need to be hashed, they are already hashed.
I do not have stats on the speed of hash table attacks, but they are amazingly fast

What is HASHING?
Think of hashing as one-way math. The data, or password in this case, in run through a hashing function or algorithm, which is a mathematical formula where it is difficult to derive the original data(password), given the output of the function(called the "digest") and knowing the formula for the algorithm. MD5 and SHA-3 are examples of hashing functions(algorithms).
« Last Edit: June 26, 2012, 05:07:13 pm by grinch »
If I help you or you appreciate my work, clicking that +1 button is the best thanks I could get.

My opinions are my own, you may agree or disagree with them, but they are only just that; opinions
For example: facebook is the microsoft of social networks

http://goo.gl/PiVjI

@DigitalGrinch

I follow all iNinjas members back. PM me if I am not following you

#### Almost

• Full Member
• Posts: 128
• Reputation: 20
##### Re: How Password Crackers work
« Reply #1 on: June 15, 2012, 11:09:10 am »
Nice explanation! I'll make a follow-up on salting if somebody is interested - something that was in the news again shortly ago (with the Linkedin F-up)

#### LankAsif

• Global Moderator
• Hero Member
• Posts: 2392
• Reputation: 90
• Forum pride 8)
• Computers: i7 with bits and pieces
• iDevices: iPod Touch 1G (Basically storage for iNinja tools), iPhone 5
##### Re: How Password Crackers work
« Reply #2 on: June 16, 2012, 12:15:58 pm »
That is an awesome explanation Grinch. Thank you for clearly defining this - it's such a fundamental area.

Education is never achieved by wise men. it is only believed to have been achieved by fools

#### grinch

• Hero Member
• Posts: 1933
• Reputation: 187
• the digital grinch who stole your data
• iDevices: iPhone 3GS 4.3.3, HTC Evo V 4G ICS
##### Re: How Password Crackers work
« Reply #3 on: June 16, 2012, 12:23:37 pm »
That is an awesome explanation Grinch. Thank you for clearly defining this - it's such a fundamental area.

Yeah, I thought this could use a breakdown of how they work. Almost as important is the math used to calculate total possible passwords. Understanding this will not only explain how crackers work, but should help people to create stronger passwords.

If I help you or you appreciate my work, clicking that +1 button is the best thanks I could get.

My opinions are my own, you may agree or disagree with them, but they are only just that; opinions
For example: facebook is the microsoft of social networks

http://goo.gl/PiVjI

@DigitalGrinch

I follow all iNinjas members back. PM me if I am not following you

#### BooCocky

• Hero Member
• Posts: 875
• Reputation: 81
• All your base are belong to ininjas
• Computers: Dell Inspirion
• iDevices: ipod shuffle
##### Re: How Password Crackers work
« Reply #4 on: June 16, 2012, 02:44:14 pm »
Epic post! I made a simple DEScrack in python,  it takes all the words in a dictionary and encrypts them with DES and compares them to the DES encrypted password.

How possible would it be to reverse the aligorithm of most encryptions you think?

#### grinch

• Hero Member
• Posts: 1933
• Reputation: 187
• the digital grinch who stole your data
• iDevices: iPhone 3GS 4.3.3, HTC Evo V 4G ICS
##### Re: How Password Crackers work
« Reply #5 on: June 16, 2012, 03:01:18 pm »

Reversing hashing algorithms is tough. If you know the algo used, it is easier to do what you did, generate hashes and compare.

This is why salting can be useful. Almost mentioned the linked-in attack. Adding some "salt", adds another factor to the hash calculation. As long as that salt is secret, someone knowing the SHA512 algo can not generate effective hashes

If I help you or you appreciate my work, clicking that +1 button is the best thanks I could get.

My opinions are my own, you may agree or disagree with them, but they are only just that; opinions
For example: facebook is the microsoft of social networks

http://goo.gl/PiVjI

@DigitalGrinch

I follow all iNinjas members back. PM me if I am not following you

#### LankAsif

• Global Moderator
• Hero Member
• Posts: 2392
• Reputation: 90
• Forum pride 8)
• Computers: i7 with bits and pieces
• iDevices: iPod Touch 1G (Basically storage for iNinja tools), iPhone 5
##### Re: How Password Crackers work
« Reply #6 on: June 16, 2012, 03:22:56 pm »
Pardon? Was that a typo? How does having info (knowing algo) become a hindrance?

Education is never achieved by wise men. it is only believed to have been achieved by fools

#### Ironman

• Hero Member
• Posts: 5108
• Reputation: 251
• Computers: ASUS UL50VT
• iDevices: iPhone 5, iPhone 4S, iPhone 4, iPhone 3GS
##### Re: How Password Crackers work
« Reply #7 on: June 16, 2012, 03:31:47 pm »
Thanks for this grinch. Easy to follow explanaition!! +1
Click for How to Add Our Repo
If you're going to ask questions....
At least make them good ones.

Knowledge is the one thing that can never be taken from you

#### grinch

• Hero Member
• Posts: 1933
• Reputation: 187
• the digital grinch who stole your data
• iDevices: iPhone 3GS 4.3.3, HTC Evo V 4G ICS
##### Re: How Password Crackers work
« Reply #8 on: June 16, 2012, 03:33:03 pm »
Knowing the algo is not a hinderence. It will help to generate hashes if you feed it passwords. Knowing the algo will not help you if the passwords are salted first, or it won't help you to get clear text passwords from hashes working in reverse
If I help you or you appreciate my work, clicking that +1 button is the best thanks I could get.

My opinions are my own, you may agree or disagree with them, but they are only just that; opinions
For example: facebook is the microsoft of social networks

http://goo.gl/PiVjI

@DigitalGrinch

I follow all iNinjas members back. PM me if I am not following you

#### LankAsif

• Global Moderator
• Hero Member
• Posts: 2392
• Reputation: 90
• Forum pride 8)
• Computers: i7 with bits and pieces
• iDevices: iPod Touch 1G (Basically storage for iNinja tools), iPhone 5
##### Re: How Password Crackers work
« Reply #9 on: June 16, 2012, 03:39:12 pm »
Sorry to keep asking but in this
someone knowing the SHA512 algo can not generate effective hashes

Who is "someone"? Attacker?

Education is never achieved by wise men. it is only believed to have been achieved by fools

#### grinch

• Hero Member
• Posts: 1933
• Reputation: 187
• the digital grinch who stole your data
• iDevices: iPhone 3GS 4.3.3, HTC Evo V 4G ICS
##### Re: How Password Crackers work
« Reply #10 on: June 16, 2012, 03:50:23 pm »
I was talking about salting. Even if you know the algo, SHA512 for example, you could not generate effective hashes to use to compare, if they are salted.

Salting adds another factor to the hash calculation. If you don't know it, you won't have all the information to create hashes like the hashes that are used on the target system
If I help you or you appreciate my work, clicking that +1 button is the best thanks I could get.

My opinions are my own, you may agree or disagree with them, but they are only just that; opinions
For example: facebook is the microsoft of social networks

http://goo.gl/PiVjI

@DigitalGrinch

I follow all iNinjas members back. PM me if I am not following you

#### grinch

• Hero Member
• Posts: 1933
• Reputation: 187
• the digital grinch who stole your data
• iDevices: iPhone 3GS 4.3.3, HTC Evo V 4G ICS
##### Re: How Password Crackers work
« Reply #11 on: June 16, 2012, 03:51:41 pm »
Sorry to keep asking but in this
Who is "someone"? Attacker?

Yes the someone is the potential attacker
If I help you or you appreciate my work, clicking that +1 button is the best thanks I could get.

My opinions are my own, you may agree or disagree with them, but they are only just that; opinions
For example: facebook is the microsoft of social networks

http://goo.gl/PiVjI

@DigitalGrinch

I follow all iNinjas members back. PM me if I am not following you

#### LankAsif

• Global Moderator
• Hero Member
• Posts: 2392
• Reputation: 90
• Forum pride 8)
• Computers: i7 with bits and pieces
• iDevices: iPod Touch 1G (Basically storage for iNinja tools), iPhone 5
##### Re: How Password Crackers work
« Reply #12 on: June 16, 2012, 03:55:53 pm »
Ok thanks again grinch. Now i follow.

Education is never achieved by wise men. it is only believed to have been achieved by fools

#### FCKSHTUP

• Full Member
• Posts: 179
• Reputation: 14
• Computers: macbook pro late 2011 (lion 10.7.2)
• iDevices: ipod touch 4g 5.0.1, iPhone 3g 4.2.1 tmobile unlocked, iphone 4s 5.0.1 trying to unlock, ipod 4 5.1.1
##### Re: How Password Crackers work
« Reply #13 on: June 18, 2012, 03:16:47 am »
Don't mean to be Debbie Down syndrome but isnt 26+26+10 62

Nice explanation tho
Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid. -Einstein

#### grinch

• Hero Member
• Posts: 1933
• Reputation: 187
• the digital grinch who stole your data
• iDevices: iPhone 3GS 4.3.3, HTC Evo V 4G ICS
##### Re: How Password Crackers work
« Reply #14 on: June 18, 2012, 08:26:27 am »
Ooops. Fixed that

Thanks Debbie
If I help you or you appreciate my work, clicking that +1 button is the best thanks I could get.

My opinions are my own, you may agree or disagree with them, but they are only just that; opinions
For example: facebook is the microsoft of social networks

http://goo.gl/PiVjI

@DigitalGrinch