Custom dictionary files are often made using different languages, standard
modifications of words (such as transforming letters to numbers), or simply
appending numbers to the end of each word. While a bigger dictionary will
yield more passwords, it will also take more time to process.
0x762 Exhaustive Brute-Force Attacks
A dictionary attack that tries every single possible combination is an exhaustive
brute-force attack. While this type of attack will technically be able to crack
every conceivable password, it will probably take longer than your
grandchildren's grandchildren would be willing to wait.
With 95 possible input characters for crypt()-style passwords, there
are 95^8 possible passwords for an exhaustive search of all eight-character
passwords, which works out to be over seven quadrillion possible passwords.
This number gets so big so quickly because, as another character is added to
the password length, the number of possible passwords grows exponentially.
Assuming 10,000 cracks per second, it would take about 22,875 years to try
every password. Distributing this effort across many machines and processors
is one possible approach; however, it is important to remember that this will
only achieve a linear speedup. If one thousand machines were combined,
each capable of 10,000 cracks per second, the effort would still take over 22
years. The linear speedup achieved by adding another machine is marginal
compared to the growth in keyspace when another character is added to the
password length.
Luckily, the inverse of the exponential growth is also true; as characters
are removed from the password length, the number of possible passwords
decreases exponentially. This means that a four-character password only has
95^4 possible passwords. This keyspace has only about 84 million possible
passwords, which can be exhaustively cracked (assuming 10,000 cracks per second)
in a little over two hours. This means that, even though a password like h4R%
isn't in any dictionary, it can be cracked in a reasonable amount of time.
Therefore, in addition to avoiding dictionary words, password length
is also important. Since the complexity scales up exponentially, doubling the
length to produce an eight-character password should bring the level of effort
required to crack the password into the unreasonable time frame.
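The following is an added example, not code from the book. It works through the argument above: keyspace grows exponentially with length while extra machines give only a linear speedup. The 95-character set, the 10,000 guesses per second and the 1,000-machine case come from the text; the function names and the 1,000-year target are assumptions. It uses exact powers of 95 and a 365-day year, so its output is close to, but not identical with, the figures quoted above.

```python
# Added example (not from the book): keyspace arithmetic for exhaustive search.
SECONDS_PER_YEAR = 365 * 24 * 60 * 60
CHARSET = 95           # printable characters, as stated in the text
RATE = 10_000          # guesses per second per machine, as in the text


def keyspace(length, charset=CHARSET):
    """Exact number of candidate passwords of exactly `length` characters."""
    return charset ** length


def years_to_exhaust(length, machines=1, rate=RATE, charset=CHARSET):
    """Worst-case years to try every candidate at the aggregate guess rate."""
    return keyspace(length, charset) / (rate * machines) / SECONDS_PER_YEAR


def chars_to_offset(speedup, charset=CHARSET):
    """Fewest extra characters whose keyspace growth cancels a given speedup."""
    extra = 0
    while charset ** extra < speedup:
        extra += 1
    return extra


def min_length(target_years, machines=1, rate=RATE, charset=CHARSET):
    """Shortest length whose exhaustive search lasts at least target_years."""
    length = 1
    while years_to_exhaust(length, machines, rate, charset) < target_years:
        length += 1
    return length


if __name__ == "__main__":
    print("len  keyspace              1 machine (yrs)  1000 machines (yrs)")
    for n in (4, 6, 8, 10):
        print(f"{n:<4} {keyspace(n):<21,} {years_to_exhaust(n):<16.3g} "
              f"{years_to_exhaust(n, machines=1000):.3g}")
    # A 1000x hardware speedup is cancelled by this many extra characters:
    print("extra chars to offset 1000 machines:", chars_to_offset(1000))
    # Policy question (the 1,000-year target is an assumed example value):
    print("min length vs 1000 machines, 1000 years:", min_length(1000, 1000))
```

Two extra characters (95^2 = 9,025) more than cancel a thousandfold increase in hardware, which is why a minimum-length policy outpaces an attacker adding machines.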
Solar Designer has developed a password-cracking program called John
the Ripper that uses first a dictionary attack and then an exhaustive
brute-force attack. This program is probably the most popular one of its
kind; it is available at http://www.openwall.com/john. It has been included
on the LiveCD.
reader@hacking:~/booksrc $ john
John the Ripper Version 1.6 Copyright (c) 1996-98 by Solar Designer
Usage: john [OPTIONS] [PASSWORD-FILES]
-single                   "single crack" mode
-wordfile:FILE -stdin     wordlist mode, read words from FILE or stdin
-rules                    enable rules for wordlist mode