Brute force technique of password cracking

 

Xtreme

Home

My creations

Related rfcs

blog

The brute force method of password cracking, basically consists of generating every possible combination of all the characters that can be used in the password, and thenencrypt each to be checked for a positive match with the original encrypted password.

For example, if the encrypted password for my application is hyrulsjcl, and the original password be abcd(don't try this for my account... it's only a dummy example...). Then I try out all combinations, of all characters, in this case, lowercase alphanumeric characters, the combinations being: a, b, c, d, e, f.... z, aa, ab, ac, ad, ..... az, aaa, aab, aac, .... In this way, therewill be a positive ID for abcd, which will encrypt to hyulsjcl and password cracking will be complete.

One of the biggest shortcomings of this technique is that it is a very time taking process. Generating every possible combination, and then encrypting them takes a hell lot of time. As, we have to try out all possible combinations, the hackers had invented new hybrid technique for brute force, in which not every combination is tried out in sequence. Those password crackers, also termed smart brute force crackers check for the hash (the encryption) pattern, and then accordingly choose the next string to be matched for a positive ID.

So, here is a graphic description of how this all goes...

Brute force is not a very easy thing, when it comes to cracking real big passwords. But again, everything has its pros and cons...


a sample brute force cracker - It cracks pckd.jpgBFDESC.bmppasswords encrypted by DES, typically, a linux password is encrypted with the DES.


a brute force string generator - It simply generates strings. It's got a fast algorithm. Lack of time led to not developing a cracker with it. Very soon, I'll upload that program. It will crack MD5 and DES passwords for linux.

Keep watching.....


Name: Xtreme

E-mail: xtremethegreat1@gmail.com