Crack Hashes From Statistics?

The fear of every surveillance society: citizens protecting their own privacy with strong cryptography

Crack Hashes From Statistics?

Post by Orion001 on Sat Jun 20, 2009 8:05 pm
([msg=25669]see Crack Hashes From Statistics?[/msg])

Hey guys,
Just thought id ask your oppinion/s on if this idea would work.. The concept is to find the statistics of the hashes and their plaintext equivalents. So for md5:..
aa = 4124bc0a9335c27f086f24ba207a4912

A program can be made (which I have already done by the way), which will discover any 'patterns' and other statistics in a list of plaintext 'words'. So for the above example, my program checks for things like:
>A basic search: "how many a's are there in the hash? how many b's? etc", and then adds the statistics on to a scoring array
>A more complex search, taking into account the position of the characters, ie "how many a's in position 0 of 31? a's in position 1 of 31? etc"
>Another more complex search, using "patterns": "where is the pattern '412' found? what is the most common plaintext character in hashes that have this pattern?"

So thats my idea, iv done some research and test trials using my program, and I find that it seems to work.
It generates a list of statistics (a character set) which my other program can then use to crack in the least ammount of time it can. here is what my results *look* like:

hash_character:most_common_plaintext_characters->least_common_plaintext_characters
a:qwertyuiopasdfhg3579@$^*(...
b:mnbvcxz';lkjhgfds?":><{}...
etc

So, any thoughts? Have I missed something? Anything else I need 2 consider? Is this a hopeless cause? (I know, rainbow tables are really good, but these statistics take up hardly any room at all)

[edit]

The principle behind is this: for a dictionary consisting of an even number of each character (ie, 200 a's, 200 b's 200 c's - which is created by a plaintext word generater), there is an *uneven* distribution of hash characters (ie, 253 a's, 198 b's, 444 c's etc).
By leveraging this minor flaw, one can find the probability of a plaintext character behind each hash character.
Orion001
New User
New User
 
Posts: 36
Joined: Tue Sep 09, 2008 5:44 am
Blog: View Blog (0)


Re: Crack Hashes From Statistics?

Post by tgoe on Wed Jun 24, 2009 12:48 am
([msg=25848]see Re: Crack Hashes From Statistics?[/msg])

I don't see how this can work.. even minor changes in plaintext completely change a hash.

Code: Select all
$ echo aaaaaaaaaaaaaa | md5
12bf9a18dee29d4d81f807db38f7b71e

$ echo aaaaaaaaaaaaaaa | md5
45226aa24b72ce0ccc4ff73eefe2e26f
User avatar
tgoe
Contributor
Contributor
 
Posts: 638
Joined: Sun Sep 28, 2008 2:33 pm
Location: q3dm7
Blog: View Blog (0)


Re: Crack Hashes From Statistics?

Post by Orion001 on Fri Jun 26, 2009 1:17 am
([msg=25927]see Re: Crack Hashes From Statistics?[/msg])

yes, but that is not quite how it works.

perhaps an an example of some of my results would clarify.. A dictionary of 2-character long words has been analysed (using a->z,A->Z,0->9, and 32 symbols). The hashes of all these words was generated in real-time, and analysed. The 'aa'/'ab' etc is the pattern in a hash, and the character that come after are the most common plaintext characters found in hashes which contain said pattern.

aa:C%RYS?q23H\pEFLTjy"+78^u,>W`{@XZ[]arst~0<GQ_ce#456:AUdiz&1KVov}IMOl$)*.;BJNh|!9=fgkmD'b-x(wn/P
ab:v*0QS<=Hb!K\+24oz9E&>@DRU[ixGMVY^_u(.13Cef}#8BILZq%5J`w:Fm-67ANprs~$,/Oghnty;dj'X)?T]al|c"{WPk
ac:(U{Td"0CRp}%',>I_k~AGfuxBJ!#+.9LOSY`es136DZ-?bmqvy*8:;=Xaw&4Pght2E)/7NQW[^lnz<FHKVcjo5M\$@]ir|
ad:5MOgc|h(\{+3J09=?PTj#'/14LQRUYns;D[dp<CaiyzWo2:EGSV]_vw)6Ik}!*-8bqtx~"7>FNlu,.$AH@emrBK^`%Zf&X
ae:{ZUd.yz#+,61L^hkm8J&=HVYo|%4ADPSW[x*57;?FXf'@RTlnsuw}$(0IQ`ir!23B]agpv~>CEGet<\jKO_")9Nb-/Mqc:
af:E;vP0MR_6B!2p1Sbl|~KNVw-[r$*=Zijsu7>CHLQ^`{#,/FTUXn%')38ahtz@Jdgkq"&+.59?DG]efoy}(I\m4:AWcx<YO
a0:De"u<2tI_+LPV&HQUWj$`gpx#,=Yy)15?@FJTXadov|%ACO]^q047BE\b~/;GNfhklm':Rs{(*689S3>Znwz.K}[ir!Mc-
a1:)*.1[CSw]q2=@ks|}7`aelx':IXiPjry#4Fn~3Wb(ADNRVdmv&-9BGQ!%/05HJKL^fot68<puz>OUYh+,MTZ;Ec"$\_g{?
a2:lHr{'8=Cwjv9<NSYZ_e$?FfEKPQaiu.57:Lct|6q+0;JUW`}#,->gz"&(2ABORXp%)1@I]kos!4Tdn/DV[^~GMm\byh*x3
a3:f5cTUZBKb,0<?GPRW;=Dnr&Xv"3HSu/9@C+-7dxz|6:I]glpt%AFNQ\ejw$12Ek8[^_aqy}Os{~)hi!#(.>JVY`o'4*MLm
...etc....

So, using these results, if you, say, had a hash of "b30a87fed34c4aaefc780a03ba30bc61", then you could try to find the most common plaintext letters using patterns in the hash. Using the 'aa' in the above hash, then, reviewing the table above, one can see that the most common character would be 'C', followed by '%' and 'R'. The 'a3' in the hash would show that the character 'f' is most common with hashes containing that pattern.

So a program may find the most common plaintext character by consulting this table and examining all possible patterns in a specific hash. Hope this clarifies things. Im welcome to feedback

-- Sun Jul 05, 2009 7:17 pm --

perhaps a downloadable version would be helpfull...

Binary statistical hash cracker (will only generate statistics and analyse a specified hash)
URL: http://rapidshare.com/files/252134370/HashStatCracker.zip
>The statistics were generated using the plaintext.txt file - so when analysing hashes, try to use two-length character plaintext words. (ie, any word from the plaintext.txt file)
>please keep in mind this is still completely in developement, and has only been made for personal use, and may contain many errors/bugs, if you find any, let me know
>This has been compiled under windows, sorry! Shouldnt be too hard to convert to linux code, maybe I will if there's enough interest.
>To analyse your own MD5 hash, run the program, type 'a', then type '2', then enter your MD5 hash. (Should work fine)
>Generating statistics might not work properly at the moment.. unless you edit the source code.

Source Code (c++):
URL: http://rapidshare.com/files/252134627/HashCracker.cpp
>Please keep in mind its made for windows
>Any suggestions/ideas let me know
>May not be very well documented, once again, sorry bout that!

Some Other information:
URL: http://rapidshare.com/files/252134782/Info.txt
Orion001
New User
New User
 
Posts: 36
Joined: Tue Sep 09, 2008 5:44 am
Blog: View Blog (0)



Return to Crypto

Who is online

Users browsing this forum: No registered users and 0 guests