Technology Password Brute Force

Discussion in 'Technology' started by tablet, Mar 14, 2005.

  1. tablet

    tablet Premium Member

    I've always wondered about a machine trying to brute force a computer password. A few days ago JC came up with an idea for GameMaster round 4 which reminds me of brute force.

    And my question is: Let's say I have a password that is about 10 characters long. For example:

    Yuiwo_392z

    Assuming that you have the fastest computer, how long will it take the computer to reach that password? (doesn't need to be exact, just an estimation of the year).
     
  2. DreamLandMafia

    DreamLandMafia Premium Member

    Brute Force really is NOT a good idea for passwords you KNOW are big. It'll take an EXTREMELY long time.

    Take it like this...the number of passwords per character is 62^n. IF it's alphanumeric.

    So 64^10 = 839299365868340224 possible matches. And with that underscore it'll be even longer. (That number may be a BIT off, I was using calc.exe and had to times 62 by itself 10 times.) Let's just say the network of the site you're trying to brute force that has the password has a latency of 1ms, that'd come out to ABOUT 3694084 passwords per hour. So if I'm right, it'd take 227200942336 hours to crack it, or 9466705930 days to crack it, or 25936180 years.

    It's late, my math may be a BIT off in the way I'm doing it. I might have multiplied where I should have divided, or divided where I should have multiplied in the conversion from hours to days to years and so forth.

    Here's a nice little table showing the times.
     
  3. tablet

    tablet Premium Member

    Thanks for the reply DLM, that was informative. Now I know why JC wants to see me try GM4. My purpose for this thread is to try and understand the security of a password.

    Not to mention that one day we will have quantum computers that operate at unbelievable speed. Not sure if this new quantum will be able to brute force.
     
  4. DreamLandMafia

    DreamLandMafia Premium Member

    Well the speed of the computer won't really matter much if the password you're trying to brute force is on another domain, then you have to deal with the network's latency. If it's a slow network, it'll go slow, if it's a fast network, well you understand.

    Now, if it was a local password, it'll go pretty damned fast.
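
Added example, not part of any poster's message: the keyspace estimate from posts 2 and 4 worked through in Python, comparing a network-bound attempt rate (the thread's 1 ms per guess) with a local one. The offline rate and all function names are assumptions chosen for illustration.

```python
import string

# Character classes a brute-force search must cover once one member is seen.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
SECONDS_PER_YEAR = 365 * 24 * 3600

# Guess rates. ONLINE follows the thread's 1 ms per attempt over the network;
# OFFLINE is an assumed, illustrative rate for guessing against a local file.
ONLINE_GUESSES_PER_SEC = 1_000
OFFLINE_GUESSES_PER_SEC = 10_000_000_000


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    size = 0
    remaining = set(password)
    for chars in CLASSES:
        if remaining & set(chars):
            size += len(chars)
            remaining -= set(chars)
    if remaining:
        raise ValueError(f"characters outside the modelled classes: {sorted(remaining)}")
    return size


def keyspace(password):
    """Candidates of exactly this length over the password's alphabet."""
    return alphabet_size(password) ** len(password)


def years_to_exhaust(candidates, guesses_per_sec):
    """Worst case: every candidate is tried; the average case is half of this."""
    return candidates / guesses_per_sec / SECONDS_PER_YEAR


def report(password):
    """Return (alphabet, keyspace, online years, offline years) for one password."""
    space = keyspace(password)
    return (alphabet_size(password), space,
            years_to_exhaust(space, ONLINE_GUESSES_PER_SEC),
            years_to_exhaust(space, OFFLINE_GUESSES_PER_SEC))


if __name__ == "__main__":
    for pw in ("abcDEF1234", "Yuiwo_392z"):   # constructed sample and the thread's example
        size, space, online, offline = report(pw)
        print(f"{pw}: alphabet={size} keyspace={space:.3e} "
              f"online={online:.3e} y offline={offline:.3e} y")
```

These figures are upper bounds for exhaustive search only; a password built from guessable words falls to a wordlist long before the keyspace is exhausted.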
     
  5. tablet

    tablet Premium Member

    So that means one day, passwords become obsolete. There's no need in protecting a zip with a password cause once someone gets a hold of that zip with a quantum computer I'm sure the password will be revealed in no time.
     
  6. Icewolf

    Icewolf Premium Member

    Well there is more than one way to get the password. I've seen psychologists (who pretend to be psychics) who can sit in a room with you for an hour and generally can get your password very quickly. As normally we pick a password which is related to us in some way.
     
  7. DreamLandMafia

    DreamLandMafia Premium Member

    My normal password for unimportant stuff is a random password Yahoo generated for me when I forgot my regular password. My password for important stuff was part of a PGP Generated key. 12 Alphanumeric characters.
     
  8. JcMinJapan

    JcMinJapan Premium Member

    When I make a password, I always use upper case, lower case, numbers, special character and it is at least 8 characters long. To make it even more difficult for a user to guess, while making it easy for you to remember, I suggest that you make a sentence and choose the first or last letter of each.

    A typical Seattle Mariners fan writes something like Seattle, mariners, ichiro, baseball, or something along those lines usually, so their passwords are easy to remember, but also making them easy to crack. Many of the hacking programs will use keywords first. So, to make it more difficult, look at the example below:

    Sentence: One of my favorite baseball teams is the Seattle Mariners!

    It would be changed to: 1omfbtitSM!

    As you can see, this password is easy for the user to remember. But, also it is now a complex password that no one would ever be able to guess.

    Another example:

    I want to go to Disney Land, but when?
    Iw2g2DLbw?

    Also, in a twist like this if you are learning a foreign language or would like to learn one:

    Sentence: Nice to meet you, my name is Jon Mayes. It is certainly a pleasure.
    Translation to Japanese: Hajimemashite, watashi wa Jon Mayes desu. Dozo Yoroshiku!

    New password: HwwJMdDY!885

    As you can see, this is a good way for someone to remember a foreign language as you will be typing it in every day and running over the sentence in the foreign language. Now, if you change your password every week, then you have just learned 52 useful sentences to communicate with other people in a year. Make these the sentences that are harder to remember to help with your memorizing of them and ultimately give you more time to learn the easier words. Also, you will see that I put an 885 at the end of the sentence as well. The reason is that it is better to have a number mixed into it, so if you cannot find a place to put at least one number in the password somewhere, then just add a few numbers that mean something to you.

    Just some ideas for password security.
     
  9. tablet

    tablet Premium Member

    JC, that’s a clever way; now it makes sense why you’re the ring holder.

    Given the time, a computer will brute force any password. That should tell you right away that passwords will eventually become useless. IF a computer can operate at the speed of light and it takes 100 years to crack a password, I’m still happy cause in 100 I’ll be dead.
     
  10. Zsandmann

    Zsandmann Premium Member

    And tablet, what you are saying is the premise of Dan Brown's Digital Fortress, you should check it out.
     
  11. tablet

    tablet Premium Member

    Interesting. I’ll get the book if I ever come across it.

    Since nothing can go faster than the speed of light and assuming that a quantum computer operates at such speed and it takes about 100 years to crack the password. Does this mean that passwords still have security? Since a quantum computer would be final?

    How about we use this kind of password:


    How long will it take a quantum computer to crack that? You might say it’s irrelevant since no one can remember such a password, it’s way too long. I’m sure there are ways to use passwords of this length without much hassle. Actually, there is one hassle. You must keep this password on a disk or have it with you at all cost.

    Wouldn’t you say this will challenge a computer that operates at speed of light?
     
  12. tablet

    tablet Premium Member

    DLM, based on your experience with PGP, do you think one day it will become obsolete once quantum computers are ready?

    Currently GPG is taking over and soon there will be a GUI version that allows anyone with no command-line experience to use it. I’m currently waiting for a GUI version since the command line is a little troublesome.

    Again, will PGP/GPG become useless under the realm of quantum computers?

    Here’s something to think about, and why PGP/GPG is important:

    Visit the source to learn more about email security.