Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
03-16-2006, 01:03 AM
|
#1
|
LQ Newbie
Registered: Mar 2006
Posts: 2
Rep:
|
linking computers via internet to brute force passwords
I dont know much about cracking passwords but i know mathmatically brute forcing a password is gauranteed results. However, it can take years to get even the smallest of passwords with only one computer. My big question is this...Would it be possible to link a bunch of computers together over the internet to create a sort of huge, and really fast brute forcing machine. I know this may sound silly so keep in mind i am no expert. I just know if you have enough processing power it can be done very quickly.
Eager to hear anyone's thoughts on this
scott
|
|
|
03-16-2006, 01:44 AM
|
#2
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
anyone replying please keep in mind that:
Quote:
Posts containing information about cracking, piracy, warez, fraud or any topic that could be damaging to either LinuxQuestions.org or any third party will be immediately removed.
|
http://www.linuxquestions.org/linux/rules.html
Last edited by win32sux; 03-16-2006 at 04:23 AM.
|
|
|
03-16-2006, 03:26 AM
|
#3
|
Senior Member
Registered: Jan 2004
Location: Montpellier (France)
Distribution: Gentoo
Posts: 1,014
Rep:
|
Personnally I would say it also depends on how you configure your computer when it receives a wrong password. If you configure it so that each time a wrong password is entered you cannot enter a new one before a determined amount of time... it will take a long long time
|
|
|
03-16-2006, 03:57 AM
|
#4
|
Member
Registered: Aug 2003
Location: Belguim, Ostend and Ghent
Distribution: Ubuntu
Posts: 600
Rep:
|
Quote:
Originally Posted by scott1981
I just know if you have enough processing power it can be done very quickly.
Eager to hear anyone's thoughts on this
scott
|
That really isn't always true, it depends of the length of the encryption key and kind of encryption. Take DES for example which is an 56-bit encryption method from the early 70s, well it was first cracked in 1997 by distributed.net, the second time in 1998 in a little over 40 days, they needed 22 thousand connected computers for that.
Of course pc's now are a little faster but still, 40 days, just for an 56-bit symmetric encryption.
Now still lets say an 128-bit encryption (which is a normal length), for that you would need 40*2^72 days, that's a little over 530602975603330922887 years, with those same 22 thousand computers.
Btw. the fact that we have way more powerfull processors does not count, because processor speeds double every 18 months, which means that it will take us 72*18 months = 108 years until they are fast enough to crack the 128-bit code with the same amount of pc's. Besides, this is the easy encryption (symmetric), most encryption these days is done assymmetric and that is still a lot harder to crack.
elluva.
Last edited by elluva; 03-16-2006 at 03:59 AM.
|
|
|
03-16-2006, 10:22 AM
|
#5
|
LQ Newbie
Registered: Mar 2006
Posts: 2
Original Poster
Rep:
|
ok but if you were able to somehow connect over the internet and share the processing burden over all the comeputers. You could have an indefinite amount of computers linked into it. 22 thousand is a very low number. If it is even possible to do this and it got popular there would more than a million computers linked to it. It would break 128 bit encryption in minutes.
|
|
|
03-16-2006, 10:42 AM
|
#6
|
LQ Newbie
Registered: Mar 2006
Posts: 3
Rep:
|
Actually, throwing 45 times as many computers (1 million vs 22 thousand) at the problem would seem like you could do it much faster - but if elluva's calculations are right, it'd still take 530602975603330922887 / 45 = 11791177235629576000 years.
|
|
|
03-16-2006, 10:47 AM
|
#7
|
Member
Registered: Aug 2003
Location: Belguim, Ostend and Ghent
Distribution: Ubuntu
Posts: 600
Rep:
|
If the computers nowadays would be 1000 times as fast as then (which is a huge overestimation) and you'd have 10 million computers working toghether, it would still take you 415568250492528778,805248 days, that's somewhat more then 1138543152034325 years .
Point I want to make is that no, you cannot simply break an 128-bit key in minutes by simple brute force. The problem is that the number of possible keys ascends exponentially, it doubles with each extra bit in the key. The fact that you can't keep this up in the real world with the number of computers that you connect makes it very hard to crack an encryption with simple brute force.
Of course I do believe that if you take a brute force method and you adapt it to handle the cracking more intelligently (if this is possible), it can be possible to get way better results, but that depends entirely on the encryption algorithm.
elluva.
Last edited by elluva; 03-16-2006 at 10:48 AM.
|
|
|
03-16-2006, 10:59 AM
|
#8
|
Member
Registered: Aug 2003
Location: Belguim, Ostend and Ghent
Distribution: Ubuntu
Posts: 600
Rep:
|
Quote:
Originally Posted by hornpipe2
Actually, throwing 45 times as many computers (1 million vs 22 thousand) at the problem would seem like you could do it much faster - but if elluva's calculations are right, it'd still take 530602975603330922887 / 45 = 11791177235629576000 years.
|
indeed, we don't have exactly the same results, but the point remains.
btw. This is how I calculated it,
128 bits - 56 bits = 72 bits
=> 2^72 times as many possible keys
Now if 22.000 pc's calculated for 40 days (and they had luck with them, because they had only reached 47% or so of all the keys), then that same amount of pc's calculate 40*2^72 = (aterriblybignumberof)days. Then just divide by 365 and you have a good approximation of the number of years you'd have to spend.
Then if pc's are 1000 times as powerfull, divide the number by 1000, and if you have 10 000 000 pc's, multiply by ((22 000)/(10 000 000)), and you'll get the giant number i've got .
elluva.
|
|
|
03-16-2006, 04:13 PM
|
#9
|
Member
Registered: May 2005
Distribution: Fedora Core Since version 3
Posts: 193
Rep:
|
why do you need to crack it anyway?
|
|
|
03-16-2006, 07:13 PM
|
#10
|
Senior Member
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291
Rep:
|
Quote:
Originally Posted by comptiger5000
why do you need to crack it anyway?
|
I think this person is asking out of curiosity
|
|
|
03-16-2006, 08:05 PM
|
#11
|
Senior Member
Registered: Aug 2005
Posts: 1,755
Rep:
|
"Password cracking" refers to when you have the password hash and you are trying to find a password that produces that hash. Is that what you guys are talking about?
|
|
|
All times are GMT -5. The time now is 07:35 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|