LinuxQuestions.org Cracking SHA1 with EC2 GPU instances.
 Linux - Security This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.

12-04-2010, 03:54 AM   #16
H_TeXMeX_H
LQ Guru

Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep:
I know you guys like to do these mathematical calculations that prove that it's impossible to crack this, but I think there should be a field that deals with the human aspect. I'm quite positive that most people will use very weak passwords, either from a dictionary, or from their personal details (birthday, son/daughter's name, etc). The above calculations apply to the best case scenario, but this is never the case.

12-04-2010, 12:55 PM   #17
win32sux
LQ Guru

Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep:
Quote:
Originally Posted by Matir
FWIW, it's essentially irrelevant to consider the minimum length for purposes of calculating runtime. A better way to approach things is to include one more character than there really is as a sort of "null" byte (e.g., a 7-character password can be considered to be an 8-character password with one byte set to NULL). Your value for 12-36, 94 character set is about 2^235.981. Using the 95 "character set" for length 36 (e.g., 95^36) is about 2^236.514. As you can see, it's pretty close. If you want to get really precise, use the original character set for the minimum length and the +1 for the remaining characters. For example, 94^12*95^(36-12) yields a value of 2^236.332. Of course, just using 94 characters for 36 places (94^36) yields 2^235.965. The reality is that the largest term dwarfs the smaller terms by so much that it becomes the dominating factor. You can see that in the A-Y values you posted, each one increases by 2 digits, or an approximate factor of 100.

Thanks for the tips, Matir!

Quote:
Originally Posted by H_TeXMeX_H
I know you guys like to do these mathematical calculations that prove that it's impossible to crack this, but I think there should be a field that deals with the human aspect. I'm quite positive that most people will use very weak passwords, either from a dictionary, or from their personal details (birthday, son/daughter's name, etc). The above calculations apply to the best case scenario, but this is never the case.

The formula I googled simply tells you the total possibilities for a password, given the character set and the policy's min/max length. This should not be interpreted as an attempt to prove/disprove how crackable/uncrackable a password is. Rather, it's a way to gauge how much work a brute force attack may need to do when it encounters a strong password. I do understand that unfortunately most human-generated weak passwords won't even need a brute force attack to get cracked, but the article linked in the OP isn't about dictionary or guessing attacks AFAICT.

Last edited by win32sux; 12-04-2010 at 01:08 PM.
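
The keyspace figures discussed in the posts above can be reproduced with the short script below. It is an added example, not code from any poster in the thread; the function names are chosen here, and the 1e9 guesses-per-second rate is a constructed value used only to turn bits into time.

```python
import math

def keyspace(charset, min_len, max_len):
    """Exact number of candidate passwords with min_len..max_len characters."""
    return sum(charset ** n for n in range(min_len, max_len + 1))

def compare(charset, min_len, max_len):
    """Exact keyspace, in bits, beside the three shortcuts from the quoted post."""
    exact = keyspace(charset, min_len, max_len)
    return {
        "exact": math.log2(exact),
        # Longest length only: drops every shorter password.
        "longest_only": math.log2(charset ** max_len),
        # Extra "null" symbol in every position: an upper bound, because it
        # also counts strings shorter than min_len and nulls mid-string.
        "null_padded": math.log2((charset + 1) ** max_len),
        # Original set for the first min_len places, +1 for the rest.
        "mixed": math.log2(charset ** min_len * (charset + 1) ** (max_len - min_len)),
        # Fraction of all candidates that have exactly max_len characters.
        "longest_share": charset ** max_len / exact,
    }

def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return 2.0 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    result = compare(94, 12, 36)
    for name, value in result.items():
        print(f"{name:>14}: {value:.3f}")
    # 1e9 guesses/second is a constructed rate, not a figure from the thread.
    print(f"{years_to_exhaust(result['exact'], 1e9):.3e} years at 1e9 guesses/s")
```

The `longest_share` value comes out at about 93/94, which is the "largest term dominates" point in numeric form: all shorter lengths together add only about 0.015 bits to the exact total.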

All times are GMT -5.