Deathdefyer2002 Posted May 29, 2008
Hey, I have been doing some research on passwords and it seems that different computers can crack passwords at different speeds. I am wondering if there is an app or program that one can run to determine how many passwords per second your particular computer can run through. I know that people have estimates on different machines but I was wondering if there was a specific program that can be run on a specific machine to determine the exact speed. My ultimate goal is to calculate how long my PC would take to crack my password. I have a P4 Dual core 2.4 GHz. I know that my machine isn't the BEST of the BEST but it is pretty good. I figure that if it would be unreasonable for my computer to crack the password then it should be secure enough in that the general public won't be able to crack it. Thanks, Deathdefyer
Sparda Posted May 29, 2008
You need to take a sample and extrapolate from it to give an estimate. For example, if your computer can calculate 10 hashes in 1 second, and there are 1000000 possible password hashes, your computer will take 100000 seconds to calculate all possible hashes.
Deathdefyer2002 Posted May 30, 2008
So how would I do that? Are there any specific programs?
VaKo Posted May 30, 2008
Take a rainbow table or something like that.
SomeoneE1se Posted May 30, 2008
Remember, anyone worth worrying about will have rainbow tables or access to them, so it's how fast your computer can read data, not calculate hashes.
Sparda Posted May 30, 2008
> Remember, anyone worth worrying about will have rainbow tables or access to them, so it's how fast your computer can read data, not calculate hashes.
But I use Ubuntu. (not referring to OpenSSL)
SomeoneE1se Posted May 30, 2008
> But I use Ubuntu. (not referring to OpenSSL)
Even though I use Debian, I loved the SSL exploit; it's as bad if not worse than anything MS has ever done.
Sparda Posted May 31, 2008
> Even though I use Debian, I loved the SSL exploit; it's as bad if not worse than anything MS has ever done.
You think it's worse than the problems XP had when it was launched? Let me just, you know, throw a link out there: http://www.symantec.com/security_response/...-081113-0229-99
SomeoneE1se Posted May 31, 2008
An exploit that allows any skiddy to crack just about every Debian/Ubuntu server's user password vs a worm that targets a large corporation who is already ready to handle a DDoS attack? Yes, I do.
Sparda Posted May 31, 2008
So managing to catch someone's encrypted password flying over the Internet (not exactly what I would call easy) and then being able to crack it is worse than Windows being exploitable as soon as it's on the Internet, to the point that if you actually do put XP with no firewall or patches on the Internet it will be infected in 10 seconds or less without the user touching it?
SomeoneE1se Posted May 31, 2008
> with no firewall or patches on the Internet it will be infected in 10 seconds or less without the user touching it?
The same goes for Linux.
ls Posted May 31, 2008
> The same goes for Linux.
No, this is not true. I have a standard Ubuntu installation and there are no open ports, you are not vulnerable to (most) viruses, there is a standard firewall installed, ... I'm pretty sure that Linux (Ubuntu) is more secure than Windows.
moonlit Posted May 31, 2008
Yes, let's all bash Windows. Whoop-de-do. Quit being fanboys.
VaKo Posted May 31, 2008
While it is true that an RTM install of XP was highly unsecured when connected to public networks, you have to remember that not only was the rise of home broadband connections unexpected by Microsoft, the people operating these systems were never techies. If you were to give an untrained operator a generic desktop install of Linux from the same era, connected to a public network and without any security work done on it, it wouldn't last long either. However, if you took a fully patched version of XP or Vista, complete with firewall and AV, put it behind NAT + hardware firewall and gave the owner a standard 101 course on how not to get shafted, how would this compare to a similar Ubuntu setup security-wise? My money is on them both being fairly secure until the operator makes a mistake.
The Debian SSL fuck-up was worse in my books, simply because it was unexpected (if you're running Windows, you're aware that you need to take care, whereas Linux users generally don't have that expectancy as a rule). It also involved stuff that is used primarily on servers, where security and so forth is generally more considered. It was a bad fuckup, primarily given the developers' approach which led to the whole thing. It serves to remind everyone that no matter how open source and Free your OS is, you can't just blindly trust the people who made the thing.
Deathdefyer2002 Posted May 31, 2008
Ok, so assuming that the attacker is using a rainbow table... How can I see how fast it works? And... Can rainbow tables be used on ALL types of passwords? Does this mean that TrueCrypt is now that much more insecure? I'm very confused.
VaKo Posted May 31, 2008
http://en.wikipedia.org/wiki/Rainbow_table
Basically the password is converted into gibberish and that is stored instead of your password (called hashing). If you work out every possible hash there is in advance, you can just take a hash and search your list of hashes for a match, thus giving you the password. It's a trade-off between time and storage space. The more of the latter you have, the less of the former it takes.
Sparda Posted May 31, 2008
> Ok, so assuming that the attacker is using a rainbow table... How can I see how fast it works? And... Can rainbow tables be used on ALL types of passwords? Does this mean that TrueCrypt is now that much more insecure? I'm very confused.
Rainbow tables are very fast, as in as fast as it takes to read data... fast.
> Can rainbow tables be used on ALL types of passwords?
Rainbow tables only work with password hashing algorithms that never change (for example, the password hashing on Windows). They are fairly useless against salted passwords in general or any modified implementations of the hashing algorithm.
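The lookup VaKo describes and the effect of salting that Sparda describes, as an added example that is not part of either post. It uses a plain precomputed dictionary rather than a true rainbow table (no hash chains), and the candidate list, salts and the choice of SHA-256 are constructed for the demonstration.

```python
import hashlib

# Constructed candidate list standing in for "every possible password".
CANDIDATES = [b"letmein", b"password1", b"qwerty", b"dragon", b"monkey"]

def digest(password: bytes, salt: bytes = b"") -> str:
    """Hash a password; the salt (if any) is mixed in before hashing.
    SHA-256 keeps the demo short and is not a password-storage recommendation."""
    return hashlib.sha256(salt + password).hexdigest()

def build_table(candidates, salt: bytes = b""):
    """Precompute hash -> password. The cost is paid once, in time and storage."""
    return {digest(p, salt): p for p in candidates}

def lookup(table, stored_hash: str):
    """A dictionary read with no hashing, so it runs at read speed."""
    return table.get(stored_hash)

def tables_needed(records):
    """records is a list of (salt, hash); one table is needed per distinct salt."""
    return len({salt for salt, _ in records})

if __name__ == "__main__":
    table = build_table(CANDIDATES)

    # Unsalted store: every account hashes the same way, one table covers all.
    unsalted = [(b"", digest(p)) for p in (b"qwerty", b"dragon", b"qwerty")]
    print([lookup(table, h) for _, h in unsalted], tables_needed(unsalted))

    # Salted store: constructed per-account salts change every stored hash.
    salts = [bytes([i]) * 16 for i in (1, 2, 3)]
    salted = [(s, digest(p, s))
              for s, p in zip(salts, (b"qwerty", b"dragon", b"qwerty"))]
    print([lookup(table, h) for _, h in salted], tables_needed(salted))

    # The precomputation only pays off again if it is redone for that one salt.
    print(lookup(build_table(CANDIDATES, salts[0]), salted[0][1]))
```
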
Deathdefyer2002 Posted May 31, 2008
So for instance, let's say I encrypted a file with AES 256 using TrueCrypt. How can I tell how many keys per second my computer is capable of trying? Now, if I am correct in understanding this: if I use a rainbow table, the speed is determined by my HD speed. The faster my HD, the quicker I can crack the password?
Sparda Posted June 1, 2008
When using a rainbow table, you aren't cracking the hash, it has already been cracked, you are just looking it up.
VaKo Posted June 1, 2008
You are confusing brute forcing a password (which is akin to dialing random numbers until you get the person you're after) with a rainbow table lookup (which is akin to having a phone book, you just look through it until you find the right person and dial the number listed by their name).
Deathdefyer2002 Posted June 2, 2008
Hey, I think I found my answer. For anyone else who read this and was waiting for the solution: I found out that John the Ripper has a feature called Test. This actually runs through a quick brute force and tells you how many passwords per second your particular computer can handle.
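The sample-and-extrapolate estimate Sparda describes earlier in the thread, as an added example that is not part of any post and is not John the Ripper's own code. The hash (SHA-256), the PBKDF2 round count, the salt and the 8-character lowercase-plus-digits keyspace are assumptions chosen for the demonstration; a single-threaded Python loop understates what a dedicated tool reaches on the same machine.

```python
import hashlib
import itertools
import string
import time

def keyspace(alphabet_size, max_len, min_len=1):
    """Count every candidate of length min_len..max_len over the alphabet."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))

def measure_rate(hash_name="sha256", iterations=1, sample=20000):
    """Time `sample` guesses on this machine and return guesses per second.

    iterations == 1 is a single fast hash; a larger value switches to
    PBKDF2, the kind of deliberately slow derivation used for passphrases.
    """
    guesses = itertools.islice(
        itertools.product(string.ascii_lowercase, repeat=6), sample)
    salt = b"constructed-salt"  # constructed value, only for the benchmark
    start = time.perf_counter()
    for letters in guesses:
        candidate = "".join(letters).encode()
        if iterations == 1:
            hashlib.new(hash_name, candidate).digest()
        else:
            hashlib.pbkdf2_hmac(hash_name, candidate, salt, iterations)
    return sample / (time.perf_counter() - start)

def seconds_to_exhaust(total_candidates, rate):
    """Worst case: every candidate is tried. The average case is half this."""
    return total_candidates / rate

if __name__ == "__main__":
    # Assumed policy: up to 8 characters from lowercase letters and digits.
    total = keyspace(len(string.ascii_lowercase + string.digits), 8)
    for label, iters, sample in (("single SHA-256", 1, 20000),
                                 ("PBKDF2, 2000 rounds", 2000, 200)):
        rate = measure_rate("sha256", iters, sample)
        days = seconds_to_exhaust(total, rate) / 86400
        print(f"{label}: {rate:,.0f} guesses/s, {days:,.1f} days worst case")
```
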