Password etc cracking theory = Wrong

Discussion in 'privacy problems' started by CloneRanger, Jul 7, 2011.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    All the data about the X amount of years etc it takes to crack a PW etc, is based on trying X zillion etc combinations until it's cracked. That presumes the cracking has to try Every possible combination before it gets a result.

    But i'm "suggesting" that "might" not be the case at all. Why should it automatically be presumed that only until the last X zillion iteration after X years has completed that we get the result ? So the much banded about figures for the amount of time it would take, is in error. In "theory" it's correct, but that's all !

    It depends entirely on BOTH what the PW etc is, & also on how the cracking is coded for expediency. If the software is only coded to start at abc/123 etc, then that's the long way to do it. What about having multiple attacks starting at numerous different entry points, not just starting at abc/123 but anywhere possible within the range, forwards & backwards. These individual attacks could be arranged in multiple blocks that didn't overlap, the more there are the quicker it could be cracked.

    Also it's a bit like the lottery, i'm not aware of EVER seeing 123456 etc come up as the winning number. It could of course, but Never has AFAIK.
     
    CloneRanger, Jul 7, 2011
    #1
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    pretty sure this is taken into account with estimations
     
    Hungry Man, Jul 7, 2011
    #2
  3. hugsy

    hugsy Registered Member

    Joined:
    May 22, 2010
    Posts:
    167

    Numbers like 123456 are only "special" to our mind, in math these "special" numbers are just the same as any other combination of numbers, they all have the same probability of being drawn. It's just like the poker hands; two aces have the same probability as two fours, its just that we gave the two aces more value in the game that is the difference.
     
    hugsy, Jul 7, 2011
    #3
  4. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,979
    Location:
    Eastern PA, USA
    Hmmmm, why didn't I think of that? I could do a task broken into 6 sub-tasks simultaneously and get them all done in the same amount of time it would take me to do just the one? :D Alas, I suspect if my ability to multi-task was impeccable and free of overhead I could hope to.
     
    crofttk, Jul 7, 2011
    #4
  5. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    Who need to crack a password when you can exploit a hole in a application.
     
    Spooony, Jul 7, 2011
    #5
  6. x942

    x942 Guest

    Because 99% of the time there are no known exploits (think TC or PGP). What would you rather do:

    1) attack the password (the weakest link)

    2) attack the application and waste time hopping for a bug that either bypasses or reveals the password.


    That said some can be bypassed (1%). Windows login is one of those same with Linux (KonBoot). This stil doesn't help if the user encrypted files on there computer (or /home).
    ..........


    (on topic more)

    Best way to test a password is to use it (ie in windows) and attack it with oph rack or John the Ripper. If it's weak those will get it.
     
    x942, Jul 8, 2011
    #6
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...