Re: An explanation! Monday, 15-Feb-99 04:05:23
Sorry to interfere, but I wanted to add some clarifications about brute force cracking:

> The problem with the bruteforce attack is that if the password you are trying to crack is long
> enough and has special characters included in it, then it becomes totally impractical.

It also depends on the speed of your algorithm, but generally speaking it's true. But note that, for instance, Unix password implementations compel you to use at least 2 alphabetic and one numeric or special character, and that you had better not use characters under 20h (if you still want to log in :).

> The fastest computer in the world (currently IBM's new flagship) would take 10^64 billion years to
> figure out a 16 letter password using the entire ASCII character set.

That's why supercomputers are not used for brute-force cracking. Instead you can build boards full of ASICs: for instance, such a dedicated hardware tool has been used to find a DES key (56 bits) in less than 3 days, testing more than 88 billion keys/second. (See http://www.eff.org/DESCracker/).

> Therefore, a bruteforce attack is only useful when the password is short enough or enough
> is known about the encryption routine to narrow down the possibilities.

Don't forget the difference between key and password: most modern algorithms use a fixed key length, which means that your password is first hashed to a fixed-length key of f.i. 128 bits. Therefore, I don't need to try every 30-character password to break a text that you encrypted with your secret 30-byte password: I just need to try every key (16 bytes). In the end, I will not know your password, but I will have your original text. That's what Cronos explained in his second post, but he did not give the correct conclusion: you do not brute-force passwords, you brute-force fixed-length keys, which means you do not care about the password length.

That's an interesting forum, I'll keep on reading.

Best regards,
+Spath.
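The key-versus-password point in the post above, as an added example that is not part of the original post: a 30-character password is hashed to a fixed-length key, and a search over the key space recovers the text without ever learning the password. Assumptions: the toy SHA-256 keystream cipher, the deliberately tiny 16-bit key, the sample password and message, and all function names are constructed for this illustration.

```python
import hashlib
import math

KEY_BITS = 16  # assumption: deliberately tiny so the whole key space runs in about a second

def derive_key(password: str) -> int:
    """Hash a password of any length down to a fixed KEY_BITS-bit key."""
    digest = hashlib.sha256(password.encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - KEY_BITS)

def keystream(key: int, length: int) -> bytes:
    """Toy stream cipher (constructed for this example): SHA-256 in counter mode."""
    stream, counter = b"", 0
    while len(stream) < length:
        block = key.to_bytes(4, "big") + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return stream[:length]

def xor_crypt(key: int, data: bytes) -> bytes:
    """Encrypts and decrypts: XOR with the keystream is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def search_keys(ciphertext: bytes, known_prefix: bytes):
    """Try every key; return (key, trials) for the first one matching the known prefix."""
    head = ciphertext[:len(known_prefix)]
    for trials, key in enumerate(range(2 ** KEY_BITS), start=1):
        if xor_crypt(key, head) == known_prefix:
            return key, trials
    return None, 2 ** KEY_BITS

def effective_bits(password_length: int, charset_size: int, key_bits: int) -> float:
    """Search cost in bits is capped by the smaller of password space and key space."""
    return min(password_length * math.log2(charset_size), key_bits)

def demo():
    password = "a-30-character-secret-password"  # constructed sample, 30 characters
    message = b"Subject: constructed sample plaintext"
    ciphertext = xor_crypt(derive_key(password), message)
    key, trials = search_keys(ciphertext, b"Subject:")
    # The search yields the key and the text, never the password itself.
    return xor_crypt(key, ciphertext), trials, key == derive_key(password)

if __name__ == "__main__":
    print(demo())
    print(effective_bits(30, 95, 128))  # 30 printable-ASCII characters, 128-bit key
```

For a defender the takeaway is in `effective_bits`: a longer password stops adding resistance once its search space exceeds the key space, so the key length has to be chosen to be out of reach on its own.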