Jump to content

Password Speed Check


Deathdefyer2002
 Share

Recommended Posts

Hey,

I have been doing some research on passwords and it seems that different computers can crack passwords at different speeds. I am wondering if there is an APP or program that one can run to determine how many passwords per second your particular computer can run through. I know that people have estimates on different machines but I was wondering if there was a specific program that can be run on a specific machine to determine the exact speed. My ultimate goal is to calculate how long my PC would take to crack my password. I have a P4 Dual core 2.4 Ghz. I know that my machine isn't the BEST of the BEST but it is pretty good. I figure that if it would be unreasonable for my computer to crack the password then it should be secure enough in that the general public wont be able to crack it.

Thanks

Deathdefyer

Link to comment
Share on other sites

You need to take a sample and extrapolate them to give a estimate. For example, if your computer can generate, if your computer can calculate 10 hashes in 1 second, and there are 1000000 possible password hashes, your computer will take 100000 seconds to calculate all possible hashes.

Link to comment
Share on other sites

So managing to catch some ones encrypted password flying over the Internet (not exactly what I would call easy) and then been able to cracking it is worse then windows been exploitable as soon as it's on the Internet to the point that if you actually do put XP with no firewall or patches on the Internet it will be infected in 10 seconds or less with out the user touching it?

Link to comment
Share on other sites

the same goes for linux

no this is not true , i have a standard ubuntu installation and there are no open ports , you are not vulnerable to (most ) viruses , there is a standard firewall installed , ....

i'm pretty sure that linux (ubuntu) is more secure then windows

Link to comment
Share on other sites

While it is true that a RTM install of XP was highly unsecured when connected to public networks you have to remember that not only was the rise of home broadband connections unexpected by Microsoft, the people operating these systems were never techies. If you were to give an untrained operator a generic desktop install of linux from the same era, connected to a public network and without any security work done on it, it wouldn't last long either.

However, if you took a fully patched version of XP or Vista, complete with firewall and AV, put it behind nat+hardware firewall and gave the owner a standard 101 course on how not to get shafted, how would this compare to a similar Ubuntu setup security wise? My money is on them both being fairly secure until the operator makes a mistake.

The debian ssl fuck-up was worse in my books, simply because it was unexpected (if your running windows, your aware that you need to take care, where as linux users generally don't have that expectancy as a rule). It also involved stuff that is used on servers primarily where security and so forth is generally more considered. It was a bad fuckup, primarily given the developers approach which lead to the whole thing. It serves to remind everyone that no matter how open source and Free your OS is, you can't just blindly trust the people who made the thing.

Link to comment
Share on other sites

http://en.wikipedia.org/wiki/Rainbow_table

Basically the password is converted into gibberish and that is stored instead of your password (called hashing). If you work out every possible hash there is in advance, you can just take a hash and search your list of hashes for a match, thus giving you the password. Its a trade off between time and storage space. The more of the latter you have, the less of the former it takes.

Link to comment
Share on other sites

Ok, so assuming that the attacker is using a rainbow table... How can I see how fast it works? And... Can rainbow tables be used on ALL types of passwords? Does this mean that truecrypt is now that much more insecure? I'm very confused

Rainbow tables is very fast, as in as fast as it takes to read data... fast.

Can rainbow tables be used on ALL types of passwords?

Rainbow tables only works with password password hashing algorithms that never change (for example, the password hashing on Windows).

They are fairly useless against salted passwords in general or any modified implementations of the hashing algorithm.

Link to comment
Share on other sites

So for instance. Lets say I Encrypted a file with AES 256 using true crypt. How can I tell how many keys per second my computer is capable of trying. Now If I am correct in understanding this. If I use a rainbow table, the speed is determined by my HD speed. The faster my HD the quicker I can crack the password?

Link to comment
Share on other sites

You are confusing brute forcing a password (which is akin to dialing random numbers until you get the person your after) with a rainbow table lookup (which is akin to having a phone book, you just look through it until you find the right person and dial the number listed by there name).

Link to comment
Share on other sites

Hey,

I think I found my answer. For anyone else who read this and was waiting for the solution. I found out that John The Ripper has a feature called Test. This actually runs through a quick brute force and tells you how many passwords per second your particular computer can handle.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...