On Tue, Aug 12, 2014 at 4:14 PM, John Andersen <jsamyth@gmail.com> wrote:
On 8/12/2014 12:30 PM, Greg Freemyer wrote:
On the other hand, the system I linked to before (http://www.techspot.com/news/51044-25-gpu-cluster-can-brute-force-windows-pa...) can brute force the full 16-char password space of Windows 2003 in 5.5 hours.
You should have read all the way to the bottom of that article where it points out:
It's worth pointing out that this method typically only applies to offline attacks due to the fact that most websites limit the number of incorrect password guesses before either locking the account down or enforcing a waiting period.
I read that part. I've been talking about offline attacks the entire time. They are easy to do.

Take a look at John from the openSUSE distro: http://software.opensuse.org/package/john

It is an offline cracker: you provide a hash and it gives back the password.

Offline cracking is the norm. The hard part is getting the hashed password database, but breaches that give access to the hashed password databases happen all the time.

FYI: from http://www.openwall.com/john/doc/

===

Out of the box, John supports (and autodetects) the following Unix crypt(3) hash types: traditional DES-based, "bigcrypt", BSDI extended DES-based, FreeBSD MD5-based (also used on Linux and in Cisco IOS), and OpenBSD Blowfish-based (now also used on some Linux distributions and supported by recent versions of Solaris). Also supported out of the box are Kerberos/AFS and Windows LM (DES-based) hashes, as well as DES-based tripcodes.

When running on Linux distributions with glibc 2.7+, John 1.7.6+ additionally supports (and autodetects) SHA-crypt hashes (which are actually used by recent versions of Fedora and Ubuntu), with optional OpenMP parallelization (requires GCC 4.2+, needs to be explicitly enabled at compile-time by uncommenting the proper OMPFLAGS line near the beginning of the Makefile).

Similarly, when running on recent versions of Solaris, John 1.7.6+ supports and autodetects SHA-crypt and SunMD5 hashes, also with optional OpenMP parallelization (requires GCC 4.2+ or recent Sun Studio, needs to be explicitly enabled at compile-time by uncommenting the proper OMPFLAGS line near the beginning of the Makefile and at runtime by setting the OMP_NUM_THREADS environment variable to the desired number of threads).

John the Ripper Pro adds support for Windows NTLM (MD4-based) and Mac OS X 10.4+ salted SHA-1 hashes.

"Community enhanced" -jumbo versions add support for many more password hash types, including Windows NTLM (MD4-based), Mac OS X 10.4-10.6 salted SHA-1 hashes, Mac OS X 10.7 salted SHA-512 hashes, raw MD5 and SHA-1, arbitrary MD5-based "web application" password hash types, hashes used by SQL database servers (MySQL, MS SQL, Oracle) and by some LDAP servers, several hash types used on OpenVMS, password hashes of the Eggdrop IRC bot, and lots of other hash types, as well as many non-hashes such as OpenSSH private keys, S/Key skeykeys files, Kerberos TGTs, PDF files, ZIP (classic PKZIP and WinZip/AES) and RAR archives.

Unlike older crackers, John normally does not use a crypt(3)-style routine. Instead, it has its own highly optimized modules for different hash types and processor architectures. Some of the algorithms used, such as bitslice DES, couldn't have been implemented within the crypt(3) API; they require a more powerful interface such as the one used in John.

Additionally, there are assembly language routines for several processor architectures, most importantly for x86-64 and x86 with SSE2.

===
When each possible decryption MUST BE TESTED, it really doesn't matter how fast your hardware is. UNLESS of course the decryption yields mountains of gibberish except for the ONE decryption that stands out clearly: DogKilledByApe,News@11
I don't think you understand the process.

If 50 strange passwords and 1 human readable password (DogKilledByApe,News@11) all hash to the same thing, then they are _all_ valid passwords. All the algorithm cares about is that the password you entered hashes to the right value. It doesn't actually know what the original password was.

Thus, there is no "testing" required. You just get the first one the off-line crack pops out and you use it.

Greg
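Added example, not part of the original thread: a sketch of the hash-comparison check described in the reply above. The digest is deliberately truncated to 16 bits so that several inputs map to the stored value, and the same inputs are then checked against the full-width digest. The salt, function names and truncation are constructed for illustration.

```python
import hashlib
import hmac
import itertools
import string

SALT = b"constructed-salt"                # constructed sample value
REAL_PASSWORD = "DogKilledByApe,News@11"  # the example password from the thread


def pw_hash(password: str, salt: bytes, nbytes: int) -> bytes:
    """Salted SHA-256, truncated to nbytes (2 = toy width, 32 = full digest)."""
    return hashlib.sha256(salt + password.encode()).digest()[:nbytes]


def verify(candidate: str, salt: bytes, stored: bytes) -> bool:
    """What a login check does: hash the input and compare to the stored value."""
    return hmac.compare_digest(pw_hash(candidate, salt, len(stored)), stored)


def other_accepted(salt: bytes, stored: bytes, limit: int = 3) -> list[str]:
    """Return up to `limit` 4-character strings the verifier also accepts."""
    alphabet = string.ascii_lowercase + string.digits
    found = []
    for chars in itertools.product(alphabet, repeat=4):
        candidate = "".join(chars)
        if verify(candidate, salt, stored):
            found.append(candidate)
            if len(found) == limit:
                break
    return found


def demo() -> dict:
    toy_stored = pw_hash(REAL_PASSWORD, SALT, 2)    # only 65,536 possible values
    full_stored = pw_hash(REAL_PASSWORD, SALT, 32)  # full 256-bit digest
    alternates = other_accepted(SALT, toy_stored)
    return {
        "alternates": alternates,
        # The verifier cannot tell these strings from the original password.
        "toy_accepts": [verify(a, SALT, toy_stored) for a in alternates],
        # With the full digest stored, the same strings are rejected.
        "full_accepts": [verify(a, SALT, full_stored) for a in alternates],
    }


if __name__ == "__main__":
    print(demo())
```

The verifier never sees or stores the original password, so any input that reproduces the stored digest is accepted; how many such inputs exist depends on the digest width.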