Password etc cracking theory = Wrong

Discussion in 'privacy problems' started by CloneRanger, Jul 7, 2011.

Not open for further replies.
1. CloneRangerRegistered Member

Joined:
Jan 4, 2006
Posts:
4,832
All the data about the X amount of years etc it takes to crack a PW etc, is based on trying X zillion etc combinations until it's cracked. That presumes the cracking has to try Every possible combination before it gets a result.

But i'm "suggesting" that "might" not be the case at all. Why should it automatically be presumed that only until the last X zillion iteration after X years has completed that we get the result ? So the much banded about figures for the amount of time it would take, is in error. In "theory" it's correct, but that's all !

It depends entirely on BOTH what the PW etc is, & also on how the cracking is coded for expediency. If the software is only coded to start at abc/123 etc, then that's the long way to do it. What about having multiple attacks starting at numerous different entry points, not just starting at abc/123 but anywhere possible within the range, forwards & backwards. These individual attacks could be arranged in multiple blocks that didn't overlap, the more there are the quicker it could be cracked.

Also it's a bit like the lottery, i'm not aware of EVER seeing 123456 etc come up as the winning number. It could of course, but Never has AFAIK.

2. Hungry ManRegistered Member

Joined:
May 11, 2011
Posts:
9,148
pretty sure this is taken into account with estimations

3. hugsyRegistered Member

Joined:
May 22, 2010
Posts:
167

Numbers like 123456 are only "special" to our mind, in math these "special" numbers are just the same as any other combination of numbers, they all have the same probability of being drawn. It's just like the poker hands; two aces have the same probability as two fours, its just that we gave the two aces more value in the game that is the difference.

4. crofttkRegistered Member

Joined:
May 15, 2004
Posts:
1,976
Location:
Eastern PA, USA
Hmmmm, why didn't I think of that? I could do a task broken into 6 sub-tasks simultaneously and get them all done in the same amount of time it would take me to do just the one? Alas, I suspect if my ability to multi-task was impeccable and free of overhead I could hope to.

5. SpooonyRegistered Member

Joined:
Apr 30, 2011
Posts:
514
Who need to crack a password when you can exploit a hole in a application.

6. x942Guest

Because 99% of the time there are no known exploits (think TC or PGP). What would you rather do:

2) attack the application and waste time hopping for a bug that either bypasses or reveals the password.

That said some can be bypassed (1%). Windows login is one of those same with Linux (KonBoot). This stil doesn't help if the user encrypted files on there computer (or /home).
..........

(on topic more)

Best way to test a password is to use it (ie in windows) and attack it with oph rack or John the Ripper. If it's weak those will get it.