linking computers via internet to brute force passwords
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
linking computers via internet to brute force passwords
I dont know much about cracking passwords but i know mathmatically brute forcing a password is gauranteed results. However, it can take years to get even the smallest of passwords with only one computer. My big question is this...Would it be possible to link a bunch of computers together over the internet to create a sort of huge, and really fast brute forcing machine. I know this may sound silly so keep in mind i am no expert. I just know if you have enough processing power it can be done very quickly.
Eager to hear anyone's thoughts on this
scott
Posts containing information about cracking, piracy, warez, fraud or any topic that could be damaging to either LinuxQuestions.org or any third party will be immediately removed.
Personnally I would say it also depends on how you configure your computer when it receives a wrong password. If you configure it so that each time a wrong password is entered you cannot enter a new one before a determined amount of time... it will take a long long time
I just know if you have enough processing power it can be done very quickly.
Eager to hear anyone's thoughts on this
scott
That really isn't always true, it depends of the length of the encryption key and kind of encryption. Take DES for example which is an 56-bit encryption method from the early 70s, well it was first cracked in 1997 by distributed.net, the second time in 1998 in a little over 40 days, they needed 22 thousand connected computers for that.
Of course pc's now are a little faster but still, 40 days, just for an 56-bit symmetric encryption.
Now still lets say an 128-bit encryption (which is a normal length), for that you would need 40*2^72 days, that's a little over 530602975603330922887 years, with those same 22 thousand computers.
Btw. the fact that we have way more powerfull processors does not count, because processor speeds double every 18 months, which means that it will take us 72*18 months = 108 years until they are fast enough to crack the 128-bit code with the same amount of pc's. Besides, this is the easy encryption (symmetric), most encryption these days is done assymmetric and that is still a lot harder to crack.
ok but if you were able to somehow connect over the internet and share the processing burden over all the comeputers. You could have an indefinite amount of computers linked into it. 22 thousand is a very low number. If it is even possible to do this and it got popular there would more than a million computers linked to it. It would break 128 bit encryption in minutes.
Actually, throwing 45 times as many computers (1 million vs 22 thousand) at the problem would seem like you could do it much faster - but if elluva's calculations are right, it'd still take 530602975603330922887 / 45 = 11791177235629576000 years.
If the computers nowadays would be 1000 times as fast as then (which is a huge overestimation) and you'd have 10 million computers working toghether, it would still take you 415568250492528778,805248 days, that's somewhat more then 1138543152034325 years .
Point I want to make is that no, you cannot simply break an 128-bit key in minutes by simple brute force. The problem is that the number of possible keys ascends exponentially, it doubles with each extra bit in the key. The fact that you can't keep this up in the real world with the number of computers that you connect makes it very hard to crack an encryption with simple brute force.
Of course I do believe that if you take a brute force method and you adapt it to handle the cracking more intelligently (if this is possible), it can be possible to get way better results, but that depends entirely on the encryption algorithm.
Actually, throwing 45 times as many computers (1 million vs 22 thousand) at the problem would seem like you could do it much faster - but if elluva's calculations are right, it'd still take 530602975603330922887 / 45 = 11791177235629576000 years.
indeed, we don't have exactly the same results, but the point remains.
btw. This is how I calculated it,
128 bits - 56 bits = 72 bits
=> 2^72 times as many possible keys
Now if 22.000 pc's calculated for 40 days (and they had luck with them, because they had only reached 47% or so of all the keys), then that same amount of pc's calculate 40*2^72 = (aterriblybignumberof)days. Then just divide by 365 and you have a good approximation of the number of years you'd have to spend.
Then if pc's are 1000 times as powerfull, divide the number by 1000, and if you have 10 000 000 pc's, multiply by ((22 000)/(10 000 000)), and you'll get the giant number i've got .
"Password cracking" refers to when you have the password hash and you are trying to find a password that produces that hash. Is that what you guys are talking about?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.