Crack 8 Letter Hash in Only 5 Days

[SyntaXmasteR]

Ok Ok ... there is an If...

You can crack an 8 character hash (a-z,A-Z,0-*) in 5 days IF... you have 500 cpu's running at a speed of *,000,000 combinations a second which is equivalent to a bottom of the line core 2 duo.

This would be *00&#*7; accurate. Check out the tables:

Code:

CRACK 8 LETTER PASSWORD (a-z A-Z 0-*) 25-Days

22****45*5780*0 Combinations
Split between *00 Computers
22****45*5780.* Combinations per computer
Fixed Rate of *,000,000 combinations per second would be
22****4.5*5780* seconds per computer.
*6*86.57526*0*5 minutes per computer
6*6.442*2*05025 hours   per computer
25.685*2*7*0427 days    per computer

---------------------------------------------------------

CRACK 8 LETTER PASSWORD (a-z A-Z 0-*) **-Days

22****45*5780*0 Combinations
Split between 200 Computers
**0*5*72578*0.45 Combinations per computer
Fixed Rate of *,000,000 combinations per second would be
**0*5*7.2578*05 seconds per computer.
*84**.2876**508 minutes per computer
*08.22*460525** hours   per computer
*2.8425608552*4 days    per computer

---------------------------------------------------------

CRACK 8 LETTER PASSWORD (a-z A-Z 0-*) 5-Days

22****45*5780*0 Combinations
Split between 500 Computers
44*8*8*0**56.*8 Combinations per computer
Fixed Rate of *,000,000 combinations per second would be
44*8*8.*0**56*8 seconds per computer.
7**7.**505260*  minutes per computer
*2*.2885842*005 hours   per computer
5.**7024*420854 days    per computer

I'm curious to see how fast combinations are generated on a core 2 duo so if anyone has a computer with a core 2 duo please let me know!!!

If anyone would like to donate CPU power please let me know. If you guys want to start a donation for a supercomputer build it will only cost around $*00,000.

500 - Intel Core 2 Duo E4*00 - $60**5
500 - BIOSTAR P4M8*0-M7 TE LGA 775 VIA P4M8*0 Mother***rd - $224*5
500 - CORSAIR ValueSelect 5*2MB 240-Pin DDR2 SDRAM - $*4*5
500 - Sony NEC Optiarc Beige 52X CD-ROM IDE CD-ROM Drive - $5000
500 - HIPRO HP-P*527F*W ATX*2V *00W Power Supply - $5000
500 - CD's Linux - $500 // I'm 'jacking' your post just to say, Linux can be gotten for free :P ~Moonbat
* - Avocent AMX5020-00* AMX5020 42 Port KVM Switch - $*,*4*.**

Grand Total: $*068*4.** - it could be done, just remember that

~SyntaX - always wishing the impossible

[Moonbat]

Dude... are you high?

Anyway, have you heard of the [URL="http://en.wikipedia.org/wiki/EFF_DES_cracker"]DES Cracking Machine[/URL]?

The entire machine was capable of testing over *0 billion keys per second. It would take about 5 days to test every possible key at that rate.

which was built for less than $250,000

Anyway, I don't think you can do this with just $*00,000

We would need a huge fan, or 500 small fans, so figure that cost in as well. Water cooling would be better, but much more expenisve.

This would be awesome if it wasn't for the cost. I have some CCs (not sure if they work or not, never put em through a ******) if you really want to do this.

[SyntaXmasteR]

Na... Not High... I am allowed to throw a few crazy ideas out there every once in a while. And Yes it would be only a little over $*00k to build and Yes it would work, and yes it would run at the "least" 500 million combinations a second. Far from *0 billion, but I'm VERY sure the speed has a lot to do with my lack of C++ knowledge. If you used memory to run most of the cracker it would probably FLY, but... overrr my head.

If you would run a computer at *0 billion combinations a second this is what the results would be:

Possible Password Length: *2
Possible Characters: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0*2*45678*
Total Combinations: 62^*2 + 62^** + 62^*0 + 62^* + 62^8 + 62^7 + 62^6 + 62^5 + 62^4 + 62^* + 62^2 + 62^* = *27**56*8*45*60*0*68*0 combinations.

*27**56*8*45*60*0*68*0/*0000000000 (combinations/second) = *64*5070*05.0400*440* seconds * (* min/ 60 seconds) * (* hour/ 60 minutes) * (* day/ 24 hours) * (* year/ *65 days) =

**55.*485** years to try every single combination.

[SyntaXmasteR]

Holy Sh*T - These guys were brilliant designers, they just need to *****en up their math skills a bit.

On Wednesday, July *7, ***8 the EFF DES Cracker, which was built for less than $250,000, easily won RSA Laboratory's "DES Challenge II" contest and a $*0,000 cash prize.

[Moonbat]

This was ***8 after all, computers weren't nearly as powerful (hence you needed more memory/power), so yeah, maybe now you can do it at $*00,000.

They spent a little less than $250,000 to get a $*0,000 prize, but after all, it's for the advancement of cryptography, and by extension, computer security in general.

I have an idea. Maybe you can get the EFF to sponsor you with the cash. Of course, you would probably need:

- To have written a huge (20+ page) paper on how/why your idea should work

- To make a nice *0+ slide Powerpoint explaining the same thing, except with big graphs and stuff

- Hopefully, you've passed college with a Bachelor's Degree in Computer Science. (Having a ******'s Degree in a computer field, especially cryptography, would be a BIG plus)

- To have tried something like this on a smaller scale (like maybe a 4 char passwd with a smaller scale)

It's a longshot, but it could happen

[Ezekiel]

Well I am high right now and this seems a good idea, but if I had &#*6*;50,000, I'd probably leave this country and buy a large villa in Spain or something. Expensive geek side-projects are a low priority.

Good luck anyway.

Note To Mike: If you had &#*6*;50,000 - invest in Yahoo stock TODAY! Watch the stock over the next 6 months. I have about 5k invested in it.

[Ezekiel]

Note To Mike: If you had &#*6*;50,000 - invest in Yahoo stock TODAY! Watch the stock over the next 6 months. I have about 5k invested in it.

Cool tip, but I've totally run out of ***** for now. I think I have &#*6*;200 left in my **** account, &#*6*;200 invested somewhere else and about &#*6*;2000 in savings

Remember that &#*6*;* is about $2.

I just spend all my ***** on illegal or pointless items, then check my **** account and think "whoa". Plus, being unemployed (apart from freelancing) doesn't help with funds. You, having an actual job, can take up this opportunity.

Let us know whether you double, triple, or just half your investment.

Could be useful though. Why Yahoo? If you don't want to reveal secrets here, PM me.

Do you really think this is such a sound investment that I should withdraw the &#*6*;2000 (approx. $4000) my parents spent years accumulating, and invest it in Yahoo? The ***** I've earned myself isn't really enough to make massive profits.

[JayT]

Ok Ok ... there is an If...

You can crack an 8 character hash (a-z,A-Z,0-*) in 5 days IF... you have 500 cpu's running at a speed of *,000,000 combinations a second which is equivalent to a bottom of the line core 2 duo.

This would be *00&#*7; accurate. Check out the tables:

Code:

CRACK 8 LETTER PASSWORD (a-z A-Z 0-*) 25-Days

22****45*5780*0 Combinations
Split between *00 Computers
22****45*5780.* Combinations per computer
Fixed Rate of *,000,000 combinations per second would be
22****4.5*5780* seconds per computer.
*6*86.57526*0*5 minutes per computer
6*6.442*2*05025 hours   per computer
25.685*2*7*0427 days    per computer

---------------------------------------------------------

CRACK 8 LETTER PASSWORD (a-z A-Z 0-*) **-Days

22****45*5780*0 Combinations
Split between 200 Computers
**0*5*72578*0.45 Combinations per computer
Fixed Rate of *,000,000 combinations per second would be
**0*5*7.2578*05 seconds per computer.
*84**.2876**508 minutes per computer
*08.22*460525** hours   per computer
*2.8425608552*4 days    per computer

---------------------------------------------------------

CRACK 8 LETTER PASSWORD (a-z A-Z 0-*) 5-Days

22****45*5780*0 Combinations
Split between 500 Computers
44*8*8*0**56.*8 Combinations per computer
Fixed Rate of *,000,000 combinations per second would be
44*8*8.*0**56*8 seconds per computer.
7**7.**505260*  minutes per computer
*2*.2885842*005 hours   per computer
5.**7024*420854 days    per computer

I'm curious to see how fast combinations are generated on a core 2 duo so if anyone has a computer with a core 2 duo please let me know!!!

If anyone would like to donate CPU power please let me know. If you guys want to start a donation for a supercomputer build it will only cost around $*00,000.

500 - Intel Core 2 Duo E4*00 - $60**5
500 - BIOSTAR P4M8*0-M7 TE LGA 775 VIA P4M8*0 Mother***rd - $224*5
500 - CORSAIR ValueSelect 5*2MB 240-Pin DDR2 SDRAM - $*4*5
500 - Sony NEC Optiarc Beige 52X CD-ROM IDE CD-ROM Drive - $5000
500 - HIPRO HP-P*527F*W ATX*2V *00W Power Supply - $5000
500 - CD's Linux - $500 // I'm 'jacking' your post just to say, Linux can be gotten for free :P ~Moonbat
* - Avocent AMX5020-00* AMX5020 42 Port KVM Switch - $*,*4*.**

Grand Total: $*068*4.** - it could be done, just remember that

~SyntaX - always wishing the impossible

I'm confused. I confuse easily.

Can you please explain the derivation of 22*,***,45*,578,0*0 combinations???

I'm curious how you derived that value using the characters (a-z A-Z 0-*), which constitutes a total of 62 characters.

My computations give 2*8,*40,*05,584,8*6 password permutations for an 8-character password if duplicate characters are allowed or **6,*25,8**,**4,400 permutations when duplicate characters are excluded, unless I'm doing something wrong.


Jay of the Universe

[SyntaXmasteR]

- Hopefully, you've passed college with a Bachelor's Degree in Computer Science. (Having a ******'s Degree in a computer field, especially cryptography, would be a BIG plus)

lol, yeah right. All the computer science teachers hired at colleges around here speak English as a second language if at all. Do you know how hard it is to learn when someone doesn't speak your language? Its miserable because you want to learn, but you can't.

I'll bring this ridiculously large scale example down to a size that is more easily understood.


Character set: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0*2*45678*
Max password length: 4
Total combinations: *50*8570
Total Processors: *0

Each Processor would complete: 06:*2:25:** Combinations (expressed using array positions)
The reason I say combinations per processor is becuase the system I would design has each processor starting at different positions inside the total combinations. It doesnt just start at 62:62:62:62 => 62:62:62:6* => 62:62:62:60

-----------------------------------------

HERE IS THE DATA I COMPUTED. THESE ARE CRACKING SETS DIVIDED EVENLY AMONG *0 PROCESSORS

FIRST PROCESSOR STARTING POSITION: 62:62:62:62 (array position format)
**** (STRING format)
62:62:62:62
-06:*8:4*:**
------------
56:44:**:**

SECOND PROCESSOR STARTING POSITION: 56:44:**:** (array position format)
4StF (STRING format)
56:44:**:**
-06:*8:4*:**
------------
50:25:*8:00

THIRD PROCESSOR STARTING POSITION: 50:25:*8:00 (array position format)
YzMa (STRING format)
50:25:*8:00
-06:*8:4*:**
------------
44:06:56:**

FOURTH PROCESSOR STARTING POSITION: 44:06:56:** (array position format)
Sg4F (STRING format)
44:06:56:**
-06:*8:4*:**
------------
*7:50:**:00

FIFTH PROCESSOR STARTING POSITION: *7:50:**:00 (array position format)
LYna (STRING format)
*7:50:**:00
-06:*8:4*:**
------------
**:**:**:**

SIXTH PROCESSOR STARTING POSITION: **:**:**:** (array position format)
FFFF (STRING format)
**:**:**:**
-06:*8:4*:**
------------
25:*2:50:00

SEVENTH PROCESSOR STARTING POSITION: 25:*2:50:00 (array position format)
zmYa (STRING format)
25:*2:50:00
-06:*8:4*:**
------------
*8:56:06:**

EIGHTH PROCESSOR STARTING POSITION: *8:56:06:** (array position format)
s4gF (STRING format)
*8:56:06:**
-06:*8:4*:**
------------
*2:*7:25:00

NINTH PROCESSOR STARTING POSITION: *2:*7:25:00 (array position format)
mLza (STRING format)
*2:*7:25:00
-06:*8:4*:**
------------
06:*8:4*:**

TENTH PROCESSOR STARTING POSITION: 06:*8:4*:** (array position format)
gsRF (STRING format)
06:*8:4*:**
-06:*8:4*:**
------------
00:00:00:00

[SyntaXmasteR]

Jay, I confused myself writing this stuff!

2*8,*40,*05,584,8*6 is 62^8 right? Yes! but you are forgetting to add these combination sets:

62^7
62^6
62^5
62^4
62^*
62^2
62^*

It was hard for me to figure out the first time I wrote everything but when you think about it:

aaaaaaaa-******** = 2*8,*40,*05,584,8*6
aaaaaaa -******* = *,52*,6*4,606,208
aaaaaa -****** = 56,800,2*5,584

etc...

or at least this is what I believe is correct because when you take something as small as this:

Possible Characters: abc
Max Length: 2
You Get These Combinations:
aa
ab
ac
ba
bb
bc
ca
cb
**
a
b
c

Total= *2 or *^2 + *^*

[JayT]

Ok Ok ... there is an If...

You can crack an 8 character hash (a-z,A-Z,0-*) in 5 days IF... you have 500 cpu's running at a speed of *,000,000 combinations a second which is equivalent to a bottom of the line core 2 duo.



Grand Total: $*068*4.** - it could be done, just remember that

~SyntaX - always wishing the impossible

I think I figured out where your numbers came from.

You didn't make it very clear. I assumed you meant
specifically 8-character passwords only, since your
example here implied that was the case.

In the case of 8-characters only, the total of
22*,***,45*,578,0*0 is inaccurate. That number is
the sum of ALL possibilities consisting of anywhere
from 2 to 8 characters, not just 8 characters.

For an 8-character password, there are
2*8,*40,*05,584,8*6 possibilities if
duplicate characters are allowed or
**6,*25,8**,**4,400 possibilities if
no duplicate characters are allowed
in a password.



If duplicate characters are allowed in a password:

* character passwords possible = 62
2 character passwords possible = *,844
* character passwords possible = 2*8,*28
4 character passwords possible = *4,776,**6
5 character passwords possible = **6,**2,8*2
6 character passwords possible = 56,800,2*5,584
7 character passwords possible = *,52*,6*4,606,208
8 character passwords possible = 2*8,*40,*05,584,8*6

SUM = 22*,***,45*,578,0*0



Perhaps this number could be reduced by eliminating
duplicate password evaluations. Any password that
is eliminated once, never needs to be retested.

For example, the 2-character password, "AA" would
occur twice on a list of possibilities. They are
indistinguishable, but still count as two separate
possibilities.

In the case of an 8-character password, the password
"AAAAAAAA" would appear 40*20 times on a list of all
possibilities. In other words, the computer would
test that password 40*20 times when only once would
be required to eliminate it. The same applies to
every character allowed in the password.

Eliminating duplicate tests would greatly impact the
computer time required to compute all possibilities.

Imagine how much paper would be saved by printing
the list of all possibilities with duplicates eliminated
from the listing.

Perhaps 500 computers aren't needed after all and
careful logical planning can save you ***** on the
hardware required!

LOL

Try this code to count the possibilities.

USAGE:

print PW_Permutations (8, 62); // In this case

Code:

   function PW_Permutations ($MaxPWLength, $CharSetSize)
{

// $MaxPWLength = Maximum number of characters in a password

// $CharSetSize = Number of valid characters from which to choose

   $sum = "0";
   $out = "";

   for ($i=*;   $i <= $MaxPWLength;   $i++)
   {
   $p    = bcPow($CharSetSize, $i);
   $sum  = bcAdd($sum, $p);
   $out .= "$i character passwords possible = $p<BR>";
   }

   $out .= "SUM = $sum";

   return $out;

}

Assuming up to *2 characters allowed in a password
and the characters 0-*, a-z, A-Z = 62 characters
are allowed and duplicate characters are also allowed
in a password, then the above code gives:

* character passwords possible = 62
2 character passwords possible = *844
* character passwords possible = 2*8*28
4 character passwords possible = *4776**6
5 character passwords possible = **6**28*2
6 character passwords possible = 568002*5584
7 character passwords possible = *52*6*4606208
8 character passwords possible = 2*8*40*055848*6
* character passwords possible = **5*708654626*552
*0 character passwords possible = 8**2***65868*40224
** character passwords possible = 520*656068*8*70**888
*2 character passwords possible = *226266762**78**82*056
** character passwords possible = 2000285**26866*788*05472
*4 character passwords possible = *240*76*4*4657526**2***264
*5 character passwords possible = 768*0*704*487666685526*4*68
*6 character passwords possible = 4767240*70682*5**45026***08*6
*7 character passwords possible = 2*55688*0582*05*07***6*265*05*2
*8 character passwords possible = *8*2527*2*6*02*6625828*224*656704
** character passwords possible = ***6*668*5**8*8**080**4*5**067*5648
20 character passwords possible = 70442*425546**8022*68**02646*6*70*76
2* character passwords possible = 4*674252*8****8774240*64764062*4*50**2
22 character passwords possible = 270780*6478026604002*026*5*7*85*26*56544
2* character passwords possible = *6788*826*6*764*448*7**62*5*054*027**05728
24 character passwords possible = *04087*7222*5*4265787*5765*48*40**6820*55**6
25 character passwords possible = 645*4542777*5*2447880*7745*6*4*046028**2*84*2
26 character passwords possible = 400**4*652**5777*76858*40200**26885*7*75*542784
27 character passwords possible = 2480707824*6**8*84*652*70*240822668**5445*5652608
28 character passwords possible = *5*80*885**04056746784*45*72***00547***764**046*6*6
2* character passwords possible = *5*5840876845*5*8*0062*450*2*722****8785425688625*52
*0 character passwords possible = 5**222**4*64***4**46**025****46785042046*6**26*475*424
** character passwords possible = *6655772**05*276*6*476**6070*6700672606***76*47075084288
*2 character passwords possible = 22726578844*675**45*5524*56*627544*70*62852***5*8655225856

SUM = 2*0***457**2784562*705*274*0*00*2686*476**806*576**80*84*0


Dr.Evil says: "You have * hour to guess my *2 character password to deactivate my bomb or the solar system will explode."

I'll get you, my pretty, and your little dog too!

[SyntaXmasteR]

Maybe I was a little unclear but the program I wrote will only run through each combination once so AAAAAAAA will only be tried once, not 40*20 times.

What formula are you using to compute your numbers?

If duplicate characters are allowed in a password:

* character passwords possible = 62
2 character passwords possible = *,844
* character passwords possible = 2*8,*28
4 character passwords possible = *4,776,**6
5 character passwords possible = **6,**2,8*2
6 character passwords possible = 56,800,2*5,584
7 character passwords possible = *,52*,6*4,606,208
8 character passwords possible = 2*8,*40,*05,584,8*6

SUM = 22*,***,45*,578,0*0

I don't understand why you think these numbers include duplicates. I'm also no math genius so please fill me in with an example of duplication within the program.

To simplify the programs actions:

*. Creates an array for possible characters - ('a','b','c')
2. Creates a counter for total combination positions - 0:0:0
*. Increments the counter by * trying each combination -
0:0:0 = aaa
0:0:* = aab
0:0:2 = aac
0:*:0 = aba

etc... Until all possible combinations are tried "Once"

[Moonbat]

Ugh, math is not my forte. But supposing you were only doing strict 8-char passwords, wouldn't the method for finding all the combos be:

Code:

62 x 6* x 60 x 5* x 58 x 57 x 56 x 55


I.E. 62(8)

This is what I remeber about combinations from school.

[JayT]

Maybe I was a little unclear but the program I wrote will only run through each combination once so AAAAAAAA will only be tried once, not 40*20 times.

What formula are you using to compute your numbers?


I don't understand why you think these numbers include duplicates. I'm also no math genius so please fill me in with an example of duplication within the program.

To simplify the programs actions:

*. Creates an array for possible characters - ('a','b','c')
2. Creates a counter for total combination positions - 0:0:0
*. Increments the counter by * trying each combination -
0:0:0 = aaa
0:0:* = aab
0:0:2 = aac
0:*:0 = aba

etc... Until all possible combinations are tried "Once"

SyntaX:



Here's the problem I see:

I took your statement literally about testing ALL possibilities, which is different than testing only the UNIQUE possibilities.

I was wondering if your method of cycling through ALL possibilities skips duplicates that recur during subsequent cycles?

The total count of UNIQUE possibilities is the only count that matters here, not the total count of ALL possibilities.


Example:

Given a *-character password, how may permutations are there?

Answer = 6

If password = ABC

The six possibilities are:

ABC ACB BAC BCA CAB CBA


If you allow any duplicate characters in a password, then things change.


In any password you create, the possibility exists that the same character may be used more than once.

Example:

Password = LetMeIn

There are 5040 total permutations here.

If you exchange the 'e' letters, there are two identical passwords.

They look identical to the eye, but to the computer, they are distinct possibilities and come up separately during a systematic search for all possibilities.

If "LetMeIn" was already tested previously, then it should not be tested again or show up a second time on the list or it will be counted more than once.

In other words, if you systematically rotate through all 5040 possibilities, the password "LetMeIn" will occur twice. The two 'e' letters will in effect be swapped, but each password still counts as * possibility even though they are identical.


Suppose I used a * letter password and chose "AAA"

There are 6 possible permutations of those letters.

The six possibilities are:

AAA AAA AAA AAA AAA AAA

There may be 6 possibilities in total, but all are identical.

Should the program test AAA a total of 6 times, counting it each time, as it cycles through all possibilities or only once because it recognizes it as a duplicate previously tested during an earlier cycle?


Since they are all identical, collectively they only add up to * single possibility.

The second time AAA occurs in the list, it should not be counted again as a separate possibility.

This means that given the password AAA, there is only * possible unique possibility, identical to the other 5, but the computer still says that there are 6 permutations and counts them. It doesn't care if they are all equal, only what the total count is - and that total is 6 regardless of whether they are identical or not.

The program would still test and count each identical password separately, including duplicates, as it cycled through them, unless it was programmed to bypass any duplicate it encounters again in the list and not add the duplicate to the total count.

To the eye, those permutations are identical, but to the computer, they are accounted for as independent possibilities and counted as such without regard to if or not it encountered that same password before.

I don't think the method you propose counts only UNIQUE passwords, but includes even identical duplicates among the total which should be counted only once instead.

When these duplicates are subtracted from the total, it reduces the required work.


Another example:

Password = ABA

The six possibilities are:

ABA AAB BAA BAA AAB ABA

Count = 6

Total UNIQUE passwords = * which does not match the count (6) because each possibility occurs twice, but only counts as * (one) possibility each and should not be counted twice.

ABA = Twice in the test list
AAB = Twice in the test list
BAA = Twice in the test list

The count (6) is only valid, IF there are no duplicate characters whatsoever in the password. Otherwise, the counted total of all possibilities is greater than the true total of unique possibilities.

Testing those duplicates would double the time required because it would test all 6 of them twice when only once each would be sufficient.








Analysis of the password "LetMeIn"

Each letter is used:

L = * time
e = 2 times
t = * time
M = * time
I = * time
n = * time

To remove all duplicate passwords from the total count:


Unique Permutations = (Total Permutations) / (Product of character counts)


Total permutations of 7 characters = 5040

Unique permutations = 7! / (**2********) = (5040 / 2) = 2520

You have a choice here.

Test all 5040 possibilities or test only 2520, when all duplicates have been removed from the list of total possibilities that contain interchangeable but indistinguishable 'e' characters.

In the total of 5040 possibilities, half of them have identical duplicates that do not need to be tested again.

[JayT]

Ugh, math is not my forte. But supposing you were only doing strict 8-char passwords, wouldn't the method for finding all the combos be:

Code:

62 x 6* x 60 x 5* x 58 x 57 x 56 x 55


I.E. 62(8)

This is what I remeber about combinations from school.

You're doing OK. I'm out of practice too.



Your formula above gives the total count of passwords that contain no duplicate characters within them.

To get the total count of ALL possibilities, regardless of duplications the formula is simply

(Character Set Size) ^ (Number of Characters In Password)

In this case, that would be

62 ^ 8 = 2*8,*40,*05,584,8*6