Random thought

General technological topics without their own forum go here

Random thought

Post by helliant on Wed Mar 28, 2012 5:33 pm
([msg=65288]see Random thought[/msg])

How long does everyone think it would take to brute force a HTS user account password? I've no intention of doing so I'm only curious how long such an unsophisticated attack would take with the capital, symbol and number in a string between six and the maximum length that i don't remember at the moment. :p
helliant
New User
New User
 
Posts: 4
Joined: Wed Mar 28, 2012 5:18 pm
Blog: View Blog (0)


Re: Random thought

Post by anarchy420x on Wed Mar 28, 2012 6:46 pm
([msg=65289]see Re: Random thought[/msg])

Too long
A broken clock is right twice a day, however, I am neither up that early nor up that late...
anarchy420x
Poster
Poster
 
Posts: 299
Joined: Thu Oct 16, 2008 12:43 am
Blog: View Blog (0)


Re: Random thought

Post by Bren2010 on Wed Mar 28, 2012 8:39 pm
([msg=65291]see Re: Random thought[/msg])

94 characters on the keyboard, your keyspace would be 689869781056 for a 6 character password, average response rate for HTS is 0.27 secs.

5,906.4 years to exhaust the keyspace for a 6 letter password
555,203.4 years for a 7 letter password
52,189,121.4 years for an 8 letter password
There is no maximum.

This is with no concurrency, of course, but the numbers are still outrageous.
User avatar
Bren2010
Poster
Poster
 
Posts: 340
Joined: Fri Sep 19, 2008 3:23 pm
Blog: View Blog (0)


Re: Random thought

Post by WallShadow on Wed Mar 28, 2012 9:38 pm
([msg=65292]see Re: Random thought[/msg])

Theoretically, everyone else is write. Practically, no one ever does brute force attacks because:
1. By trying only several thousand passwords, you already create enough logs for the admin to see whats going on.
2. Hundreds of different systems have already been developed to automatically detect brute force attacks (and I have no doubt that this site has one installed), one of the simplest being captcha.
3. Due to the sheer amount of time you'd need to crack a complex password, it's usually much easier to find a vulnerability and exploit it.
User avatar
WallShadow
Contributor
Contributor
 
Posts: 686
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)


Re: Random thought

Post by helliant on Wed Mar 28, 2012 10:21 pm
([msg=65294]see Re: Random thought[/msg])

so was there ever a practical use for them or did they just have a cool name?
helliant
New User
New User
 
Posts: 4
Joined: Wed Mar 28, 2012 5:18 pm
Blog: View Blog (0)


Re: Random thought

Post by Bren2010 on Thu Mar 29, 2012 2:45 pm
([msg=65307]see Re: Random thought[/msg])

They're a lot more useful when network latency is largely limited. For example, if you can manage to actually get the hash, you dramatically increase your number of attempts per second. However, you don't have to test all of the keyspace. In order to save time, a lot of SSH brute forcers use a pre-determined list of common usernames and passwords.
User avatar
Bren2010
Poster
Poster
 
Posts: 340
Joined: Fri Sep 19, 2008 3:23 pm
Blog: View Blog (0)


Re: Random thought

Post by helliant on Thu Mar 29, 2012 8:47 pm
([msg=65315]see Re: Random thought[/msg])

right on so they are useful if you have an idea of what the username and password could be
helliant
New User
New User
 
Posts: 4
Joined: Wed Mar 28, 2012 5:18 pm
Blog: View Blog (0)



Return to General

Who is online

Users browsing this forum: No registered users and 0 guests