Testing Password Strength


etftw

Edit: Just so no one else misunderstands, I am NOT asking for any malicious software that could actually be used to brute force actual systems

Hello,

I was just wondering if anyone knows of a tool which lets you enter a password which the program will then attempt to brute force against. Just fancied testing out the strength of some of my passwords against a brute force attack.

Cheers :)


Episode 3x09 tells of a password strength checker --> http://www.passwordmeter.com/

Cheers, that is quite a handy website.

I was looking more for an actual tool which will brute force against a string that I enter so I could see how long it would actually take someone to brute force my password.

If no such tool exists I suppose I will just have to make it myself though, just thought I would save some time and see if anyone knew of one :)


It is possible to mathematically measure a password's resilience to brute forcing without wasting time actually brute forcing the password.


Write one. AutoHotkey is the easiest to do it in. Find the window, set the user name and then run it against a string of words in a list. In all honesty you should really Google before you ask because there are tons out there, but this forum isn't about that kind of "hacking".


I am not looking for a malicious program to brute force other people's applications / websites, I want a program that brute forces against itself just for demonstration purposes of how long it would take to actually brute force a secure / unsecure password.

Update

I have found a solution which gives an estimate of how long it would take a password to be brute forced ( http://lifehacker.com/5072112/check-your-p...e-force-attacks )

According to that spreadsheet it would take a total of 23,375,644 days to brute force my password if 100,000 machines were employed :huh:

It is rather comforting to know that fact :D


Is that taking into consideration rainbow tables and the newer line of processors or GPUs?

Well that is why I wanted to test my password in a practical situation as I don't know what the creators of such password checkers consider to be safe or how they figure out such times


or even that order of testing the password will alter time of calculation. As well as the algorithm used.

Sorry I didn't understand that post?

Did you mean even testing in a practical manner could still have different results depending on the algorithm the developer used?

And in case anyone is wondering why I want to try to crack my own password it is because I am going to be carrying around a pen drive with me that has some very important documents, I have used TrueCrypt to encrypt the pen drive using AES and I am using a password that is over 20 characters and contains purely random characters so in theory it is a very practical password, but I just wanted to see for myself how secure it really is.


Just find out how many possible combinations there are in your pass and then divide it by the number of passwords you can crack per second. My old dual core 1.9 GHz used to do 20 passwords a second and it took 5 days to brute force a RAR with 8 characters.


That is a much more efficient idea, not sure why I didn't think of doing that in the first place :huh:


Well, apart from choosing obviously weak passwords, the strength of a password is more dependent on how intelligent the person trying to crack it is.

Obviously more powerful systems are useful, but with good heuristics you can dramatically reduce the amount of key space that you have to search.

Example being if you know the password is greater than 5 characters long, then you know you don't need to check any passwords which are 5 characters or less in length. This is why, although strong password policies do increase password strength, it is also a little like Occam's razor, as any potential attacker can now reduce their key space.

The most interesting research is on how people actually pick their passwords and the frequency with which certain combinations and word mangling rules are used. Statistical analysis of this provides a large amount of information which you can then use to dramatically increase the chances of breaking a password.

A better way of analyzing the strength of a password is to look at the entropy of the password, passwords which are very random will have the highest security (obviously with a sufficiently long length), so a good start will be a statistical analysis of your password, to see if there are any pairs of characters which are very common in the language of your password, e.g. 'th', 'st', 'ee' and 'oo' are all relatively common in English and for this reason should be avoided in your password. Even if you consider your password random, like '4IeeP%', a good cracker will prioritize checking possible passwords with common phrases in them first, making your password more likely to be found.

Also given the ease of access to large amounts of computing power, through private networks or even botnets, checking large numbers of passwords is almost worryingly trivial for some now.
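The arithmetic suggested in the thread (possible combinations divided by guesses per second), together with the minimum-length and common-pair points from the last post, as an added Python example that is not part of the original thread. The function names, and counting each character outside the four ASCII classes as one extra symbol, are assumptions; the demo uses the sample password, the 20 guesses per second and the 100,000 machines quoted by posters above.

```python
import math
import string

# Character classes an exhaustive search would have to cover.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
# Letter pairs the last post names as common in English.
COMMON_PAIRS = ("th", "st", "ee", "oo")


def alphabet_size(password):
    """Combined size of the character classes the password draws from."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Assumption: each distinct character outside the four classes adds one symbol.
    extra = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extra)


def keyspace(alphabet, length, min_length=1):
    """Number of candidates from min_length to length characters long."""
    return sum(alphabet ** n for n in range(min_length, length + 1))


def worst_case_days(password, guesses_per_second, machines=1, min_length=1):
    """Days needed to try every candidate up to the password's own length."""
    total = keyspace(alphabet_size(password), len(password), min_length)
    return total / (guesses_per_second * machines) / 86400


def entropy_bits(password):
    """Entropy in bits if every character were chosen uniformly at random."""
    return len(password) * math.log2(alphabet_size(password))


def common_pairs(password):
    """Common English letter pairs present in the password (case-insensitive)."""
    lowered = password.lower()
    return [pair for pair in COMMON_PAIRS if pair in lowered]


if __name__ == "__main__":
    pw = "4IeeP%"  # sample password from the last post
    print(alphabet_size(pw), round(entropy_bits(pw), 1), common_pairs(pw))
    # A known minimum length of 6 removes all shorter candidates from the search.
    print(worst_case_days(pw, 20, machines=100_000))
    print(worst_case_days(pw, 20, machines=100_000, min_length=6))
```

The result is an upper bound for a uniform exhaustive search only; a non-empty `common_pairs` result marks a password that a search ordered by likelihood would reach earlier than the bound suggests.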
