Hello there!

I'm interesting in starting a project that gives benchmarks as to how secure a given password is.

For example: given password = 1434

- was cracked with brute force in 0.3 seconds.

etc.

I will test a whole range of passwords, and then create a paper publishing all the results and statistics. I'll also try it with lock out times of 3 secs after 10 tries, etc


I've got a 1.8ghz processor.. yah!


Ok, now onto the programming aspect.

I want to create two programs. One the password brute force program. The other a simple program that requires a password. For example, it just echoes "You've got in!" when the password matches.

user will assume "root"... will do tests later with guessed users /passes.

what I have trouble with is integration between the programs... trying to pass of the password variable with another program... any ideas?

There are such programs available. They get quite nice results.

Temporary file or pipe, IMHO.

the easiest thing to do would be to have the password program read a password from standard input in a loop until it reads EOF. then the bruteforce program would be the parent, create a pipe set, and fork a child that first dup2's the read end of the pipe to stdin and then exec's the password program. then in the bruteforcer you could generate a password and write it to the pipe. however, as mara said this has already been done, much better than you and i could do it.
that said, the easiest thing is never the most efficient. especially since we;re talkin about brute force here, you want an efficient program if it's going to be constantly doing calculations over a long period of time! if you are fixated on using 2 processes, shared memory is at least twice as fast as using a pipe.

Why not just calculate how long it will take based on how long it is and if it includes charecters and numbers? Simple question of permutations...

The benchmarks will not attest to much anyways seeing as this will be a test of your algorithm design more than anything...