Upload
sunil-beta-baskar
View
215
Download
0
Embed Size (px)
Citation preview
7/27/2019 Brute Force Cracking Passwords: The Folly
1/3
Brute Force CrackingWhy not pursue this folly?
The following is the first attempt at creating the solution space (ref: (Canter, George), Set Theory)
BitsPerByte
88
The number of bits per byte is a reminder of how large the byte space (8-bit) can be.8
ByteFieldMaxFull 2^BitsPerByte256
To make this calculation possible, we reduce the field to the bare minimum
MaxAlphabets 2626
AllAlphabetCases MaxAlphabets 126
NumericSymbolCount 10
10SpecialCharacterCount 1010
ReducedCharacterSpace AllAlphabetCases NumericSymbolCount SpecialCharacterCount46
ByteFieldMax ReducedCharacterSpace46
PasswordWidth 88
PrecisionDecimals 55
KiloByte 2^10
1024
MegaByte
KiloByte 21 048 576
GigaByte KiloByte 3
1 073 741 824
TeraByte KiloByte 4
1 099 511 627 776
PetaByte KiloByte 5
1 125 899 906 842 624
Time Measurement Units (Eastern Sexagesimal)Minutes 60
60
Hours Minutes 60
3600DayDiurnal Hours 2486 400
YearDiurnal 365.25 DayDiurnal
3.15576 107
CenturyDiurnal YearDiurnal 10^2
3.15576 109
MillenniumDiurnal YearDiurnal 10^3
3.15576 1010
EonMystic YearDiurnal 10^12
3.15576 1019
7/27/2019 Brute Force Cracking Passwords: The Folly
2/3
Nu mber of PasswordsGenerat ed
Generated Number of Passwords
MaxCombinations ByteFieldMax ByteFieldMax PasswordWidth
10520811100800
MaxOrderedPermutations
ByteFieldMax ByteFieldMax PasswordWidth PasswordWidth
424 199 103 584 256 000
Space Required to Store Passwords for Crack
SpaceInGigaBytesForPermutations NMaxOrderedPermutations GigaByte
3.9506620129966736`*^8
ChallengeTime 0.01
0.01
Worst Case Time required
TotalChallengeTime NMaxCombinations ChallengeTime
1.05208111008`*^11
Challenge Time inComputing
ChallengeComputingHours TotalChallengeTime Hours
2.922447528`*^7
4.5882333870912`*^13 computing hours
4.5882333870912`*^13 computing hours
ChallengeComputingYears TotalChallengeTime YearDiurnal
3333.8438603696095`
ChallengeComputingCenturies TotalChallengeTime CenturyDiurnal
33.3384386036961`
ChallengeComputingMillennia TotalChallengeTime MillenniumDiurnal
3.3338438603696097`
ChallengeComputingEons TotalChallengeTime EonMystic
3.33384386036961`*^-9
Calculation Complexity
RefExponent = N[(ByteFieldMax)*PasswordWidth]
368.`
ThetaBase = N[(RefExponent / MaxOrderedPermutations)]
8.675171561905634`*^-16
MaxLinearTheta = N[(ByteFieldMax)!]
5.502622159812089`*^57
ThetaMax = N[(MaxLinearTheta/RefExponent)]
1.4952777608185024`*^55
2 BruteForceCrackDeath.nb
7/27/2019 Brute Force Cracking Passwords: The Folly
3/3
Conclusion
In Conclusion, one must draw that a brute force cracking of any character field is only as good as the field size with
disastrous failings if applied in the sense of combinatrics to the extreme. However, this mathematical understanding is by
no means pointing the weakest link in a password, (the human mind.) Further failing here is by the fact that computers do
not use diurnal or ephemeris or any form of real time, they merely use ticks in the clock-driven model proposed by Von
Nuemann.
The alternative, therefore is to reduce field size as demonstrated above. However, that is the first reduction (that may also
result in error.)
In further work, a dictionary would further impose another limit that would aid in cracking passwords. These can be
further aided by dictionaries empowered by "rainbow-hashes" that make challenges faster. The assumed 0.01 second per
challenge, can be further reduced to 1 millisecond, but not much lesser than that even in extreme ideal scenarios. Even the
idea of a 0.01 second challenge is to first crunch all passwords and thereby render the challenge time as less as possible.
These are "archaic" techniques and may serve as an introduction to the novice as to why indulging in brute force cracking
might never yield results. To further complicate passwords, the field length of the password is just increased therebyreducing the possibility.
This must in no way be confused with the idea of cracking AES or DES keys who have a dependence on the existence of
large, mutually prime numbers that can thereafter be combined with a psuedo-random seed (usually entropy and not a
password) to attempt to strengthen encryption. Unfortunately entropy techniques on many SOHO / Personal Computers
can be replicated far too easily. The "Siren Trojans" (if I may coin such a term) would be a series of programs running in
the background of the OS (perhaps part of the OS itself) that forces entropy convergence and therefore defeats the
randomness of the seed. This of course is for later discussion.
Beta (betasam dot gmail period com)
2013
BruteForceCrackDeath.nb 3