## Crack Hashes From Statistics?

### Crack Hashes From Statistics?

Hey guys,
Just thought I'd ask your opinion/s on if this idea would work. The concept is to find the statistics of the hashes and their plaintext equivalents. So for md5:
aa = 4124bc0a9335c27f086f24ba207a4912

A program can be made (which I have already done by the way), which will discover any 'patterns' and other statistics in a list of plaintext 'words'. So for the above example, my program checks for things like:
>A basic search: "how many a's are there in the hash? how many b's? etc", and then adds the statistics on to a scoring array
>A more complex search, taking into account the position of the characters, ie "how many a's in position 0 of 31? a's in position 1 of 31? etc"
>Another more complex search, using "patterns": "where is the pattern '412' found? what is the most common plaintext character in hashes that have this pattern?"

So that's my idea. I've done some research and test trials using my program, and I find that it seems to work.
It generates a list of statistics (a character set) which my other program can then use to crack in the least amount of time it can. Here is what my results *look* like:

```
hash_character:most_common_plaintext_characters->least_common_plaintext_characters
a:qwertyuiopasdfhg3579@$^*(...
b:mnbvcxz';lkjhgfds?":><{}...
etc
```

So, any thoughts? Have I missed something? Anything else I need to consider? Is this a hopeless cause? (I know, rainbow tables are really good, but these statistics take up hardly any room at all)

The principle behind it is this: for a dictionary consisting of an even number of each character (i.e., 200 a's, 200 b's, 200 c's - which is created by a plaintext word generator), there is an *uneven* distribution of hash characters (i.e., 253 a's, 198 b's, 444 c's etc).
By leveraging this minor flaw, one can find the probability of a plaintext character behind each hash character.
Orion001

### Re: Crack Hashes From Statistics?

I don't see how this can work.. even minor changes in plaintext completely change a hash.

```
$ echo aaaaaaaaaaaaaa | md5
12bf9a18dee29d4d81f807db38f7b71e
$ echo aaaaaaaaaaaaaaa | md5
45226aa24b72ce0ccc4ff73eefe2e26f
```

tgoe

### Re: Crack Hashes From Statistics?

Yes, but that is not quite how it works.

Perhaps an example of some of my results would clarify. A dictionary of 2-character long words has been analysed (using a->z, A->Z, 0->9, and 32 symbols). The hashes of all these words were generated in real-time, and analysed. The 'aa'/'ab' etc is the pattern in a hash, and the characters that come after are the most common plaintext characters found in hashes which contain said pattern.

```
aa:C%RYS?q23H\pEFLTjy"+78^u,>W`{@XZ[]arst~0<GQ_ce#456:AUdiz&1KVov}IMOl$)*.;BJNh|!9=fgkmD'b-x(wn/P
ab:v*0QS<=Hb!K\+24oz9E&>@DRU[ixGMVY^_u(.13Cef}#8BILZq%5J`w:Fm-67ANprs~$,/Oghnty;dj'X)?T]al|c"{WPk
ac:(U{Td"0CRp}%',>I_k~AGfuxBJ!#+.9LOSY`es136DZ-?bmqvy*8:;=Xaw&4Pght2E)/7NQW[^lnz<FHKVcjo5M\$@]ir|
af:E;vP0MR_6B!2p1Sbl|~KNVw-[r$*=Zijsu7>CHLQ^`{#,/FTUXn%')38ahtz@Jdgkq"&+.59?DG]efoy}(I\m4:AWcx<YO
a2:lHr{'8=Cwjv9<NSYZ_e$?FfEKPQaiu.57:Lct|6q+0;JUW`}#,->gz"&(2ABORXp%)1@I]kos!4Tdn/DV[^~GMm\byh*x3
a3:f5cTUZBKb,0<?GPRW;=Dnr&Xv"3HSu/9@C+-7dxz|6:I]glpt%AFNQ\ejw$12Ek8[^_aqy}Os{~)hi!#(.>JVY`o'4*MLm
...etc....
```

So, using these results, if you, say, had a hash of "b30a87fed34c4aaefc780a03ba30bc61", then you could try to find the most common plaintext letters using patterns in the hash. Using the 'aa' in the above hash, then, reviewing the table above, one can see that the most common character would be 'C', followed by '%' and 'R'. The 'a3' in the hash would show that the character 'f' is most common with hashes containing that pattern.

So a program may find the most common plaintext character by consulting this table and examining all possible patterns in a specific hash. Hope this clarifies things. I'm welcome to feedback.

-- Sun Jul 05, 2009 7:17 pm --

Binary statistical hash cracker (will only generate statistics and analyse a specified hash)
URL: http://rapidshare.com/files/252134370/HashStatCracker.zip
>The statistics were generated using the plaintext.txt file - so when analysing hashes, try to use two-length character plaintext words. (ie, any word from the plaintext.txt file)
>Please keep in mind this is still completely in development, and has only been made for personal use, and may contain many errors/bugs. If you find any, let me know
>This has been compiled under Windows, sorry! Shouldn't be too hard to convert to Linux code, maybe I will if there's enough interest.
>To analyse your own MD5 hash, run the program, type 'a', then type '2', then enter your MD5 hash. (Should work fine)
>Generating statistics might not work properly at the moment.. unless you edit the source code.

Source Code (c++):
URL: http://rapidshare.com/files/252134627/HashCracker.cpp
>Any suggestions/ideas let me know
>May not be very well documented, once again, sorry bout that!

Some Other information:
URL: http://rapidshare.com/files/252134782/Info.txt
Orion001
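Added example (not code from the thread and not the posted HashCracker.cpp): a Python sketch of the pattern table described in the post above, scored separately on words the table was built from and on words it never saw, next to the roughly 2/94 chance of a random character occurring in a two-character word. It also counts how many digest bits change between two near-identical inputs, the effect raised in the first reply. The function names, the even/odd train/test split and the vote-summing rule are assumptions of this sketch.

```python
import hashlib
from collections import Counter, defaultdict
from itertools import product
from string import ascii_letters, digits, punctuation

CHARSET = ascii_letters + digits + punctuation  # a-z, A-Z, 0-9 and 32 symbols = 94

def md5_hex(word):
    return hashlib.md5(word.encode()).hexdigest()

def patterns(digest):
    """Distinct 2-character substrings ('aa', 'a3', ...) of a hex digest."""
    return {digest[i:i + 2] for i in range(len(digest) - 1)}

def build_table(words):
    """pattern -> count of each plaintext character in words whose hash contains it."""
    table = defaultdict(Counter)
    for w in words:
        for p in patterns(md5_hex(w)):
            table[p].update(set(w))
    return table

def guess(table, digest):
    """Add up the counts for every pattern in the digest; return the top character."""
    votes = Counter()
    for p in patterns(digest):
        votes.update(table.get(p, {}))
    return votes.most_common(1)[0][0] if votes else None

def hit_rate(table, words):
    """Fraction of words whose guessed character really occurs in the plaintext."""
    hits = sum(1 for w in words if (g := guess(table, md5_hex(w))) and g in w)
    return hits / len(words)

def avalanche_bits(a, b):
    """Differing bits (out of 128) between the MD5 digests of a and b."""
    return bin(int(md5_hex(a), 16) ^ int(md5_hex(b), 16)).count("1")

def experiment(step=4):
    idx = list(product(range(len(CHARSET)), repeat=2))
    # Assumed split: even/odd index sum, so no test word is in the table.
    train = [CHARSET[i] + CHARSET[j] for i, j in idx if (i + j) % 2 == 0]
    test = [CHARSET[i] + CHARSET[j] for i, j in idx if (i + j) % 2 == 1]
    table = build_table(train)
    return hit_rate(table, train[::step]), hit_rate(table, test[::step]), 2 / len(CHARSET)

if __name__ == "__main__":
    seen, unseen, chance = experiment()
    print(f"hit rate: seen {seen:.3f}, unseen {unseen:.3f}, chance {chance:.3f}")
    print("bits changed between 'aa' and 'ab':", avalanche_bits("aa", "ab"))
```

The "seen" figure is measured on words that each contributed their own characters to every pattern row of their own hash, so only the "unseen" figure says anything about predicting a plaintext from a hash.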