Running a Brute Force Attack Simulation...

This is a discussion on Running a Brute Force Attack Simulation... within the C++ Programming forums, part of the General Programming Boards category; Originally Posted by h3ro Is there some faster ways to break a password if you dont have any information about ...

  1. #16
    Deathray Engineer MacGyver's Avatar
    Join Date
    Mar 2007
    Posts
    3,211
    Quote Originally Posted by h3ro View Post
    Is there some faster ways to break a password if you dont have any information about it?
    No, thankfully.

  2. #17
    Lean Mean Coding Machine KONI's Avatar
    Join Date
    Mar 2007
    Location
    Luxembourg, Europe
    Posts
    444
    Deep Crack, build in 1998 could test 90 billion keys per second, that's already a lot more than "10000" passwords a second. But it is true that bruteforce attacks are for idiots, as you can see here. Nowadays, the most common and effective way of breaking a cipher is through Cryptanalysis.

  3. #18
    Lean Mean Coding Machine KONI's Avatar
    Join Date
    Mar 2007
    Location
    Luxembourg, Europe
    Posts
    444
    Quote Originally Posted by h3ro View Post
    Wow, thats insane. I thought a password could be broken in much less time
    distributed.net was able to break the 56-bit DES key in less than 24 hours. It uses a system like Seti@Home or Folding@Home, breaking the keyspace into small blocks and distributing the key search over a number of clients.

  4. #19
    Registered User
    Join Date
    Nov 2004
    Location
    Pennsylvania
    Posts
    434
    Quote Originally Posted by h3ro View Post
    Wow, thats insane. I thought a password could be broken in much less time (thank you Hollywood for a good 'hacker' education XD)

    Is there some faster ways to break a password if you dont have any information about it?

    Yes there are. Usually one can find flaws/weakpoints in the algorithm itself and find a way to crack the algorithm. But yes, brute force is 100% effective, it just takes an extremely long time.
    "Anyone can aspire to greatness if they try hard enough."
    - Me

  5. #20
    Registered User
    Join Date
    Nov 2004
    Location
    Pennsylvania
    Posts
    434
    And anyone have advice for the whole time conversion problem?
    "Anyone can aspire to greatness if they try hard enough."
    - Me

  6. #21
    Captain Crash brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,230
    Quote Originally Posted by h3ro View Post
    Wow, thats insane. I thought a password could be broken in much less time (thank you Hollywood for a good 'hacker' education XD)

    Is there some faster ways to break a password if you dont have any information about it?
    Sure, but by definition that would no longer be "brute force."

  7. #22
    Captain Crash brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,230
    Quote Originally Posted by KONI View Post
    But it is true that bruteforce attacks are for idiots
    Or for people who need to crack a message encrypted with an algorithm with no known weaknesses...

  8. #23
    Registered User
    Join Date
    Nov 2004
    Location
    Pennsylvania
    Posts
    434
    Alrighty let's just clarify this issue so someone can help me out here =)

    Brute force consists of trying EVERY possible password in order to decrypt a file, log-in to something, break a hash, etc. Most of the algorithms used today by governments and such are so secure (AES for instance), that one can ONLY use a brute force attack. It is NOT for idiots by any means. For all we know the NSA could have a supercomputer (and more than likely does) with thousands if not millions of processors which could run effective brute force attacks in a decent/reasonable amount of time.

    With quantum computers on the horizon brute force attacks will be a real threat. No longer will it take thousands of years to crack a code, it could take a few minutes with the technology of the future.

    The thing about brute force is that it IS 100% effective, at some point, you will enter the correct key and decipher the code, it's just in this day and age, a 128-bit key for AES encryption could (literally) take longer to crack than the lifetime of the universe. However, for a small key here it takes considerably shorter (well still long, an 8 character key, with upper, lower and numerals, and assuming the chances of finding the key in the first half are 50%, one could make a reasonable estimate that it would take about 70 years to find the key, testing about 50000 keys a second, the max would be about 140.)

    However...

    I'm asking about my time conversions, what's the matter with them?
    "Anyone can aspire to greatness if they try hard enough."
    - Me

  9. #24
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    21,310
    I'm asking about my time conversions, what's the matter with them?
    You probably should use something along these lines:
    milliseconds = time % 1000
    time /= 1000
    seconds = time % 60
    time /= 60
    minutes = time
    C + C++ Compiler: MinGW port of GCC
    Version Control System: Bazaar

    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  10. #25
    Captain Crash brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,230
    Quote Originally Posted by Junior89 View Post
    Most of the algorithms used today by governments and such are so secure (AES for instance), that one can ONLY use a brute force attack. It is NOT for idiots by any means.
    So far as we know. A weakness could be discovered tomorrow. It is very difficult (nigh impossible) to PROVE that any given cipher is secure against cryptanalysis.

    The thing about brute force is that it IS 100% effective, at some point, you will enter the correct key and decipher the code
    Even this is not strictly true. If the keyspace is sufficiently large compared to the ciphertext, it is possible that there is some key K2 which is different from the key used to encrypt the original message, which nevertheless yields a comprehensible plaintext. The extreme example of this is the one-time pad. The security of OTP hinges precisely on this fact -- if the keyspace is always at least as large as the message, you can never know if you've found the right key, even if the decryption looks "good."

  11. #26
    Registered User
    Join Date
    Nov 2004
    Location
    Pennsylvania
    Posts
    434
    Yes you are correct, we are assuming however a standard algorithm of today. Such algorithms, such as GOST, BLOWFISH, AES, etc. Do not have such collisions.

    I neglected to mention that OTP's are the exception. They are impossible to crack, literally, you never know if you have the right key or not because it's more random and is as long as the plaintext. However, the security of OTP's relies on Complete randomness of the encrypting machine as well as NEVER using the same key twice. As soon as that happens, it's simple to crack.


    I'm still having trouble with these time conversions. clock() returns the time in milliseconds right? I'm getting crazy numbers when it goes to convert. Perhaps the time in milliseconds is too big and it's wrapping around inside the unsigned int variable?
    "Anyone can aspire to greatness if they try hard enough."
    - Me

  12. #27
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    21,310
    clock() returns the time in milliseconds right?
    You could read cppreference on clock().
    Last edited by laserlight; 05-29-2007 at 11:16 PM. Reason: Oh dear, too used to the man tags at another message board
    C + C++ Compiler: MinGW port of GCC
    Version Control System: Bazaar

    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  13. #28
    Registered User
    Join Date
    Nov 2004
    Location
    Pennsylvania
    Posts
    434
    I just remember that clock() returns the number of clock cycles i believe.

    Anywho... i fixed it myself. I switched from milliseconds to seconds and for some reason i was using a ton of modulus operators instead of division ??? i'm an idiot.

    Thanks for the help.
    "Anyone can aspire to greatness if they try hard enough."
    - Me

  14. #29
    Captain Crash brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,230
    Quote Originally Posted by Junior89 View Post
    I'm still having trouble with these time conversions. clock() returns the time in milliseconds right? I'm getting crazy numbers when it goes to convert. Perhaps the time in milliseconds is too big and it's wrapping around inside the unsigned int variable?
    clock() returns the time spent in units of CLOCKS_PER_SEC, which in theory could be anything at all. Use CLOCKS_PER_SEC, not some hardcoded value.

  15. #30
    Registered User
    Join Date
    Nov 2004
    Location
    Pennsylvania
    Posts
    434
    Thanks but i just used a time_t variable with the funtion time() and i'm set.

    It works well, takes about 4 minutes to break a 4 digit password, not speedy gonzolez, but hey, it works.
    "Anyone can aspire to greatness if they try hard enough."
    - Me

Page 2 of 3 FirstFirst 123 LastLast
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. 2d array Brute force test
    By grimuth in forum C++ Programming
    Replies: 5
    Last Post: 04-08-2010, 10:01 AM
  2. Brute Force
    By swgh in forum A Brief History of Cprogramming.com
    Replies: 6
    Last Post: 08-16-2007, 01:41 AM
  3. Replies: 2
    Last Post: 03-21-2004, 07:21 PM
  4. structure vs class
    By sana in forum C++ Programming
    Replies: 13
    Last Post: 12-02-2002, 06:18 AM
  5. Help : Brute Force String KeyGen
    By Tangy in forum C++ Programming
    Replies: 11
    Last Post: 03-11-2002, 08:01 PM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21