Random things go here

wow ur right all of them are legal in Gmail 0_o

-- Mon Jan 28, 2013 10:39 pm --

yeah but better than the results foshizzle got he was probably assuming between 1-16.

4,106,246,910,000,000

But this is taken any number of times.

for 8 we would have
n!/(k!(n-k)!)

k=8
n=93

KthProg
Poster

Posts: 219
Joined: Wed Jan 23, 2013 7:06 pm
Blog: View Blog (0)

KthProg wrote:yeah but better than the results foshizzle got he was probably assuming between 1-16.

He calculated 56^16, I think he may have meant 52 for 26*2 for upper/lower alphanumeric characters, without symbols...
So yes you are correct.
i.e. if you take num1^num2 for example, raising num2 has a greater output than if you added to num1.
i.e. 5^100 > 100^5 which would make 93^12 < 52^16
Last edited by -Ninjex- on Tue Jan 29, 2013 5:45 am, edited 1 time in total.
I don't care how ‘secure’ your systems are. If you have stupid people running them and using them, you can't win.

For those that know
K: 0x2CD8D4F9

-Ninjex-
Moderator

Posts: 1634
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)

lol er what?
i think ur thinking even harder than i am lol.
but also the fact that the program only changes it one character at a time would optimize it.

what im talking about is that the formula you two used to calculate the permutations doesnt account for the fact that at minimum the characters are being taken "8 at a time". using a^b doesnt apply in that situation.
either way I calculated 11 years lol.
of course thats assuming the persons password is //////////////// lol.

130 years though based on your 1m has/sec and those number of combos.

so obviously there are factors there that neither of us is aware of lol

KthProg
Poster

Posts: 219
Joined: Wed Jan 23, 2013 7:06 pm
Blog: View Blog (0)

KthProg wrote:
what im talking about is that the formula you two used to calculate the permutations doesnt account for the fact that at minimum the characters are being taken "8 at a time". using a^b doesnt apply in that situation.

 I see now, the algorithm just needs a small tweak... Firstly, there are 94 possible combinations, not 93
47 keys on your keyboard * 2 = 94
Code: Select all
`!1 -2 @2 -4 #3 -6 \$4 -8 %5 -10 ^6 -12 &7 -14 *8 -16 (9 -18 )0 -20 _- -22 += -24 Qq -26 Ww -28 Er -30 Rr -32 Tt -34 Yy -36 Uu -38 Ii -40 Oo -42Pp -44 {[ -46 }] -48 |\ -50 Aa -52 Ss -54 Dd -56 Ff -58 Gg -60 Hh -62 Jj -64 Kk -66 Ll -68 :; -70 "' -72 Zz -74 Xx -76 Cc -78 Vv -80 Bb -82 Nn -84 Mm -86 <, -88 >. -90 ?/ -92~` -94`

We need to take 94^8 + 94^9 + 94^10 + 94^11 + 94^12 + 94^13 + 94^14 + 94^15 + 94^16 + 94^17 + 94^18 + 94^19 + 94^20
This will be explained later as it's a bit tricky to understand..

In this formula, 94 is for the variety of input, uppercase letters, lowercase letters, and symbols.. A, a, !, etc...
20 is for the maximum length of the hash, and since we only want the amount of combinations between 8-20 length, we Need to in fact add 94^8 through 94^20 This will add everything in the range from 8-20 character length
I will explain this tricky mess later...

The answer for the amount of possibilities for inputs with characters the length of 8-20 is:
2,932,256,630,791,119,505,061,064,336,537,627,364,096
If you could output 100,000,000,000 combinations a second, it would take
3.117 X 10^37 years...

http://www.wolframalpha.com/input/?i=94 ... in+seconds

i.e. Let us hypothetically say that there are only 2 letters in the English alphabet: a, and b.
If we want to find the amount of passwords that are possible for 3 characters in length, we would say 2^3
We get the answer eight for 8 possible combinations
Check in the code for 3 length possibilites
Code: Select all
`1 length---------- 2x Combinationsa b2 length---------- 4x Combinationsaa bbab ba3 length---------- 8x Combinationsaaa bbbaab bbaaba bababb baa4 length---------- 16x Combinationsaaaa bbbbaaab bbbaaabb bbaaabbb baaaaaba bbababaa babbabab babaabba baab5 length----------- 32x Combinationsaaaaa bbbbbaaaab bbbbaaaabb bbbaaaabbb bbaaaabbbb baaaaabaaa babbbaabaa bbabbaaaba bbbababbaa baabbaabba bbaababbab baabaababb babaaabbba baaabababa babababaab babbaaabab bbaba`

What if we want the amount of hash combinations for 4-5 in length? We would say 2^5 + 2^4 and we get 48.
If you look at the code above, the amount of possibilities for 4-5 in length would in fact give the result of 48. It is a littler hard to understand, but it works.

Now for example let's say that we want all possibilities of 3-5 in length, we use 2^5 + 2^4 + 2^3 and we get the result of 56. By checking the chart with these numbers, we can see that the output is correct (32 possibilities for 5 length, 16 possibilities for 4 length, and 8 possibilities for 3 length. 32+16+8 = 56), and we can also make a conclusion of how this formula would work in your program and how long it would take... Forever...

p.s, I made all the combinations out of my head, so it might be wrong, but I am almost positive I didn't miss nor duplicate a possible combination.

Hope this helps,
- Ninjex
I don't care how ‘secure’ your systems are. If you have stupid people running them and using them, you can't win.

For those that know
K: 0x2CD8D4F9

-Ninjex-
Moderator

Posts: 1634
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)

I dont know where you are getting this formula but the formula for permutations involves factorials not powers.
4,106,246,912,127,360
Has consistently been the number of permutations i've calculated for all 8 character combinations of 93 characters.
5,595,818,096,650,401
in contrast, this is 93^8

if I could output 100,000,000,000 combination a second as you say, it would take me 47 days.
Im assuming then that 100,000,000,000 combinations is not a realistic figure.

1,000,000,000,000,000 flops on the fastest supercomputer lol
im pretty sure for simply testing combinations rather than floating point operations this would be much larger.

this would solve all 8 letters combinations in 4 seconds lol.
assuming each combination required (for some reason) a floating point operation

combinations
------------------------------------
458,929,076,000,000,000 16 letter
92,947,660,900,000,000 15
17,427,686,400,000,000 14
3,012,192,710,000,000 13
477,542,747,000,000 12
69,042,324,900,000 11
9,041,256,840,000 10
1,063,677,270,000 9
111,315,063,000 8

total
------
572,873,417,331,073,000

572 seconds (9.5 minutes) to test all combinations 8 - 16 letters with 94 different characters

so all we need is a supercomputer and a direct fiberoptic connection to the server we're going to hack lol...

KthProg
Poster

Posts: 219
Joined: Wed Jan 23, 2013 7:06 pm
Blog: View Blog (0)

We're not using permutations or combinations. If you have 3 possible letters (k) and a max password of 5 chars (n) we get:

k^n = 3^5 = 243

We Don't use factorials because you can use the same letter over and over. Ie. aaaaa or ababa

So, 93 possible chars for 8 letters in length,
93^8 = 5,595,818,096,650,401

k = 93
n = 16
k^n = 31,313,180,170,800,116,587,336,013,460,801
That's JUST those of length n. Not n!.
Here's what you get for all passwords of length 8 to 16: http://www.wolframalpha.com/input/?i=from+8+to+16+sum+93%5En
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.

fashizzlepop
Developer

Posts: 2303
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)

KthProg wrote:I dont know where you are getting this formula but the formula for permutations involves factorials not powers

You don't have to use that formula, you can blame the education system for that one.

Read my post above, and look at how the formula works. I worked it all out and even made a chart showing every possible combination, and then showed you how it worked and how the math is correct. Please if you can tell me why it does not work out to the correct value, let me know.
I don't care how ‘secure’ your systems are. If you have stupid people running them and using them, you can't win.

For those that know
K: 0x2CD8D4F9

-Ninjex-
Moderator

Posts: 1634
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)

Alright well whats the actual value then?
How long would it take for the fastest super computer to calculate the results?
btw i understated that particular computers abilities by quite a bit.

its 17.59 p flops.
or
17,590,000,000,000,000 floating point operations per second.

Now if you could somehow get ahold of a supercomputers processing power, you could in a reasonable amount of time save all combinations to a hard drive or if you're nuts find a way to store them on memory then iterate through the premade combinations with a regular pc or tower which might be practical, other than the pretense of getting ahold of a supercomputer lol

KthProg
Poster

Posts: 219
Joined: Wed Jan 23, 2013 7:06 pm
Blog: View Blog (0)

KthProg wrote:Now if you could somehow get ahold of a supercomputers processing power, you could in a reasonable amount of time save all combinations to a hard drive or if you're nuts find a way to store them on memory then iterate through the premade combinations with a regular pc or tower which might be practical, other than the pretense of getting ahold of a supercomputer lol

It would still suck compared to a regular dictionary attack. Even after you write every combination in a file, when you want to bruteforce, it is going to have to cycle through all those combinations as well... Plus your dictionary would take up a crazy amount of space. However, if you wanted to you could make the list with all the combinations. You could then try regular dictionary attacks, and if they fail turn to yours with every combination. I still find it very inefficient and improbable to make a file with all those combinations.
I don't care how ‘secure’ your systems are. If you have stupid people running them and using them, you can't win.

For those that know
K: 0x2CD8D4F9

-Ninjex-
Moderator

Posts: 1634
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)

lol yeah prolly not practical.
in 20-30 years I bet it would be though lol so safe bet that we wont be using text for passwords by then.

KthProg
Poster

Posts: 219
Joined: Wed Jan 23, 2013 7:06 pm
Blog: View Blog (0)

PreviousNext