Password cracking

[ampakine]

I was so pissed off about having downloaded a load of PDF files only to find out they were passworded that I decided to try and brute force one of them and to my amazement the little command line tool had the password in under 20 minutes. It was a 4 character password that was a random combination of letters and numbers. I was impressed by this so decided to learn about password cracking. I tried the same thing on a PDF that I put a 5 letter password on (horse) and it took about 3 hours to get the password lol. I'm guessing a 6 character password would take days. Firstly I was wondering about the terminology. Is the technique that tries all the words in a word list called a dictionary attack while the technique that tries every combination of characters called a brute force attack or are these kinda attacks all collectively known as brute forcing?

Other thing I was wondering is how much RAM you would need to brute force (trying every combo of characters) a 10 character password in a reasonable amount of time (under 24 hours). I'm thinking about the kinda passwords I like to use. Dictionary attacks are useless against my passwords and a brute force attack would take my computer years. The pdfcrack program I used only tries combos of letters (both cases) and numbers but didn't include special characters so it'd be useless against some of the passwords I use. An example of the kinda passwords I use is $nArKlErS56. Its easy to remember because I can sound it out in my head, 56 is a number I like the sound of and I usually arrange the cases so the password looks cool. Its very simple how I choose my passwords but its not so simple to crack these kinda passwords with any methods I know of yet. I'm a noob when it comes to password cracking I'm guessing some of you here have ways you could crack the kinda passwords I use. Then again maybe not since I can't really imagine how there could be an algorithm (besides plain old brute forcing the character combo) to do this kinda thing.

That example password up there is one of the stronger passwords I use. I don't use that kinda password for every day shit because it takes too long to type so instead I usually use a similar password but only use lower case letters.

EDIT:
I just came across this article:
http://www.readwriteweb.com/archives/ha ... 123456.php
which shows this table listing the most popular passwords from a sample of 32 million passwords:

Thats a pretty high percentage of the people using these insanely bad passwords so the total percentage of people using weak passwords must be pretty high.

[pretentious]

Firstly I was wondering about the terminology. Is the technique that tries all the words in a word list called a dictionary attack while the technique that tries every combination of characters called a brute force attack or are these kinda attacks all collectively known as brute forcing?

they are not collectively know as brute force. They both work the same way but the dictionary attack compares the hash against user defined passwords. This saves processing power by not bothering with unlikely passwords. As your picture shows, a great bulk of passwords are very common. There is a much greater chance of the password being "123456" than "$12^f)@"

Other thing I was wondering is how much RAM you would need to brute force (trying every combo of characters)

I'm only guessing but i don't think ram wouuld be an issue because nothing is remembered. The passwork cracking program will put "1111111" through an algorithm "7fa8282ad93047a4d6fe6111c93b308a" and compare the result to the hash you are trying to crack "7c6f9bb459d2945d8e9d12bd0e6cbe41". If they are not equal, which is evident, the program will forget about it and procede to "1111112"

I'm a noob when it comes to password cracking I'm guessing some of you here have ways you could crack the kinda passwords I use. Then again maybe not since I can't really imagine how there could be an algorithm (besides plain old brute forcing the character combo) to do this kinda thing.

Any password can be cracked given enough time. The reason why these hashing algorithms are used so widely is because they are one way algorithms, or something like that. It would actually take longer to analyse the resulting hash and get back to the original password than it takes to put every other possible password through the same algorithm. There are 3 ways to crack passwords that i can think of. brute force, which requires little memory but takes a long time, dictionary attack, which takes less time but requires memory to store the password list and then there is is rainbow tables, which are kind of half and half.

[tremor77]

I am curious as to how you hooked your command line tool to the PDF password box. Was it a command line tool specifically designed for PDFs?

[Ulven]

Command line, I guess.
For istance, if we had a program called "open-pdf" which would return 1 if the password is wrong, we could use it recursively to test a lot of password. Of course, it's a very slow way.

The main problem with password cracking is time:
To find an alphabetical password 8 bytes long we've got to test 26^8 different words.
Ok, passwords are case sensitive, 52^8 different words.
Alphanumerical password? 62^8.
And special chars?
I think brute force is not very helpful. We should have supercomputers, distributed calculus algorithms, super fast hard drive, multiples CPU.

If possible it's better to use dictionary attacks with a "home made" dictionary. To generate a dictionary you could use softwares like Jonh The Ripper. The more time you spend optimizing dictionaries with the infos you have about the password (length, special chars, uppercase or downcase ...) the less time you will need for the attack.
Other ways to make the attack faster consist in using fast drives for dictionary storing - flash drives for example, or, better, RAM, a lot of RAM - or use the GPU of latest Card instead of computer CPU. I heard GPUs are faster.

So, I hope being helpful and I hope my english wasn't too bad

[ampakine]

I am curious as to how you hooked your command line tool to the PDF password box. Was it a command line tool specifically designed for PDFs?

The program is called pdfcrack. Its in the Ubuntu repositories. I literally just typed pdfcrack lockedpdf.pdf into the terminal then checked on it a few minutes later later and it had the password for me. The password was something like H5SE. Thats the first time I've ever tried brute forcing anything so I'm glad I was only up against a 4 char password cuz seeing a password file cracked in under 10 minutes made me pretty optimistic about the whole thing. If it was 6 or more chars it woulda took days and I woulda gave up and lost faith in brute forcing techniques. I wanna try this out on rar files now but I can't get rarcrack (a linux command line tool) to work for some reason. I've been testing out john the ripper for cracking hashed passwords and noticed that it will, in a space of time, crack about 20% of the hashed passwords I harvest from google. Not very impressive but it works.

-- Sat Aug 06, 2011 2:26 pm --

I am curious as to how you hooked your command line tool to the PDF password box. Was it a command line tool specifically designed for PDFs?

The program is called pdfcrack. Its in the Ubuntu repositories. I literally just typed pdfcrack lockedpdf.pdf into the terminal then checked on it a few minutes later later and it had the password for me. The password was something like H5SE. Thats the first time I've ever tried brute forcing anything so I'm glad I was only up against a 4 char password cuz seeing a password file cracked in under 10 minutes made me pretty optimistic about the whole thing. If it was 6 or more chars it woulda took days and I woulda gave up and lost faith in brute forcing techniques. I wanna try this out on rar files now but I can't get rarcrack (a linux command line tool) to work for some reason. I've been testing out john the ripper for cracking hashed passwords and noticed that it will, in a space of time, crack about 20% of the hashed passwords I harvest from google. Not very impressive but it works.

BTW if anyone wants to try this out themselves heres the PDF file:
https://rapidshare.com/files/272702135/lockedfile.pdf

[mShred]

The program is called pdfcrack. Its in the Ubuntu repositories. I literally just typed pdfcrack lockedpdf.pdf into the terminal then checked on it a few minutes later later and it had the password for me. The password was something like H5SE. Thats the first time I've ever tried brute forcing anything so I'm glad I was only up against a 4 char password cuz seeing a password file cracked in under 10 minutes made me pretty optimistic about the whole thing. If it was 6 or more chars it woulda took days and I woulda gave up and lost faith in brute forcing techniques. I wanna try this out on rar files now but I can't get rarcrack (a linux command line tool) to work for some reason. I've been testing out john the ripper for cracking hashed passwords and noticed that it will, in a space of time, crack about 20% of the hashed passwords I harvest from google. Not very impressive but it works.

I believe JTR was initially developed to crack Unix hashes, but I may be wrong.

[centip3de]

Ah, but you're all forgetting about a password probability matrix...

Ok, the chances are non of you guys have heard of it, as it's been done once. Been documented once, and poorly at that... Anywho, if it ever goes under more rigorous testing, I believe it would be _the_ main password cracking tool for future generations.

[jgreen45]

While we are on the password topic:

http://xkcd.com/936/

Does a good representation on the myth on password security, which is based off of Steve Gibson's work on haystack passwords which can be found here here.

Still unbelievable that a password like "Octopodes eat the flying dolphin" is more secure against brute-forcing that F*&hg918qw.