passwordcracker.me - good and bad passwords how-to password cracking goals

7/31/2019 PasswordCracker.me - Good and Bad Passwords How-To Password Cracking Goals

1/14

Good and Bad Passwords How-To

Password Cracking Goals, Techniques, Relative

Merits, and Times

WWW.PASSWORDCRACKER.ME

Password crackers are primarily after root or administrative account passwords when they

crack passwords. Their tools are password cracking programs that use password dictionaries

or brute force. The feature lists of common password cracking programs or tools are

discussed. Also listed are the suggested standard dictionary transformations for Crack, the

best known tool for cracking passwords. How long it takes to crack passwords and the

primary factors affecting password cracking times are covered. Why password dictionary

attacks dramatically lower brute force password cracking times is discussed.

Goals of the Cracker

Password Cracking Programs' Feature List

Password Cracking Program Examples

How Long Does It Take to Crack Passwords?

1


2/14


3/14


4/14

Reverse a word.

Duplicate a word.

Mirror a word, i.e. append the reversed word.

Rotate a word either left or right, i.e. move the first letter to the end or the last letter to

the front.

Upper case a word.

Lower case a word.

Make only the first letter a capital.

Male all but the first letter a capital.

Toggle the case of all characters.

Toggle the case of a character at a set position.

Minimum and maximum word lengths can be set or long words can be truncated at a set

length.

Suffixes (s, ed, ing) may be added to words.

First, last or any specific character may be deleted.

Characters can be replaced at a set location.

Characters can be inserted at a set location.

"Shift" the case, i.e. substitute the other character on the same key, e.g. 'a' and 'A' or '5'

and '%'.

Shift the characters left or right by keyboard position (so an 's' becomes an 'a' or 'd').

Replace all of one character with another.

Replace all characters of a class (for example vowels, letters, non letters, digits) with a

specific character.

Remove all occurrences of any character from a word.

Remove all characters of a class from a word.

Reject a word if it contains or doesn't contain a character, or characters from a class.

Reject a word if the first, last or set character is or is not a specific character or from a

class.

4


5/14

Reject a word unless it contains at least so many of a character or characters from a class.

In the forgoing a class might be any of the following: a letter, a vowel, a consonant, an

upper case letter, a lower case letter, a digit, a symbol or punctuation, a non letter (digits,symbols and punctuation), alphanumeric or one of several others. The length limits and

reject options don't increase the possibilities, but allow the cracker to skip "words" where a

particular type of transformation may not make much sense; this should improve the

cracking tool efficiency. For example, the dictionary may already contain normal words with

one or more digits already appended to the word. By not appending additional digits to such

"words", the cracking tool may save some time by not creating less likely passwords where

three or four digits are appended to a normal word.

Cracking Tool Examples

The words that the transformations operate on can be either from a standard dictionary

(word list, one per line) or from the user name and words (or names) extracted from the

/etc/passwd GECOS field. Crack appears to be limited to words from dictionaries. Rules can

be combined to perform multiple transformations on the words. Below is the list of actual

transformations suggested in the Crack 5 documentation:

Lower case pure alpha words.

Lower case and pluralize alpha words.

Append digits and punctuation to all pure alpha words.

Lower case and reverse pure alpha words.

Lower case and mirror pure alpha words.

Capitalize all alphanumeric words, i.e. first letter only.

Capitalize all alphanumeric words and add a variety of common punctuation so 'cats'becomes Cats! Cats? Cats. Cats, Cats- etc.

Upper case all alphanumeric words.

Remove vowels from pure alpha words.

Remove white space and punctuation from those words that have it.

Duplicate short words.

5


6/14

Perform most of the similar looking character substitutions identified in the list of don'ts.

Lower case and prepend digits (all words).

Capitalize then reverse alphanumeric words.

Reverse then capitalize words.

Upper case words adding common punctuation and swapping zero for O.

Upper case then duplicate, reverse and mirror words.

A number of the preceding transformations had length limitations which have been omitted

for simplicity.

How Long Does It Take to Crack Passwords?

Conceptually the easiest way to crack passwords is to generate character sequences

working through all possible 1 character passwords, then two character, then three

character, etc. This is the brute force attack previously mentioned. It could start at any

specific length password. Theoretically any possible password can be found this way, but

generally there is not sufficient computing power available to successfully accomplish this. A

number of factors determine how long a brute force attack will take. Some may be under a

system administrators control and others are not.

One factor is the amount of computing power available to solve the problem. Computing

power increases continually; Moore's law anticipated a doubling of processing power every

18 months and this has so far been a close approximation to reality. This works out to about

a 100 times increase each decade. Today a computer is likely to have approximately a

million times the computing power available when the first UNIX was developed.


Password cracking lends itself well to parallel processing on multiple machines with near

linear gains as more machines are applied to the problem. Someone with access to many

machines during off-hours at a company or educational institution may be able to apply lots

of computing power. Computers with a wide range of speeds may be available. Thus the

amount of computing power available for password cracking continually rises but the

amount available to a single cracker or group of crackers may vary by orders of magnitude

at any specific point in time.

6


7/14


8/14

used by NT as discussed on another page.

In early 2007 I wrote the following: ' The best reasonably recent estimates I've seen were

presented in the 2005 Ontario Universities Computing Conference. Johnathan Grahamindicated in a Power Point pressentation that "A G5 running at 2.7Ghz with a highly

optimized copy of John The Ripper hits 900,000 cracks per second.8 This was part of a

presentation that was very knowledgeable and presented in to an audience of computer

professionals. I've seen other much higher numbers recently but when looked at more

closely these may be for applications, including web sites, and there is no reason to assume

these should be a reliable indicator for cracking operating system passwords. This number is

entirely consistent with the progression one would expect from other widely cited cracking

studies. Though the figure may be approaching two years in age, the characterization of "a

highly optimized copy of John The Ripper" suggests many crackers will not make as effective

use of the resorces available to them.'

In other words the data that I used in 2007 to estimate cracking times was likely two and

perhaps three years old. Using Moore's law only and extrapolating from my original

calculations, my 2007 numbers should have been about 25 times faster than my 2001

numbers based on data from 2000, rather than merely 10 times faster. This time, late May

2012, I'm using Moore's law only and applying it to data from 2000. Allowing for doubling

every 18 months, in 12 years we get 2 ^ 8 or 256 times 100,000 or 2.56 million cracks per

second. I think in mid 2012, 25,000,000 cracks per second is a reasonable number for a fastdesktop - one with a fast Intel i7 or top end AMD 6 core processor.

The table below is calculated by assuming 25,000,000 encryption operations per second.

Password lengths from 3 to 15 are shown. The numbers at the top, 26 - 95, indicate the

number of characters from which the passwords are formed. 26 is the number of lower case

letters, 36 is letters and digits, 52 is mixed case letters, 69 is single case letters with digits,

symbols and punctuation, and 95 is all the displayable ASCII characters including mixed case

letters. The 69 and 95 numbers include the space which is not a legal password character on

many systems. But then there are a number of idotic systems that do not allow any

punctuation or symbols in their passwords. This includes at least one major bank which also

limits passwords to 8 characters; a major online brokerage service also has similar limits.

Why do some of the institutions with the most sensitive data have the worst possible

password policies? The times shown are the times to process the entire set of passwords

thus the average time to crack a specific password would be one half the listed times.


8


9/14

26 36 52

3 0.0007 seconds 0.0019 seconds 0.006 seconds



6 12.4 seconds 1.45 minutes 13.2 minutes

7 5.35 minutes 52.2 minutes 11.4 hours

8 2.32 hours 1.31 days 24.7 days

9 2.51 days 1.57 months 3.53 years

10 2.18 months 4.64 years 1.83 centuries

11 4.66 years 1.67 centuries 9.53 millennia

12 1.21 centuries 6.01 millennia 496 millennia

13 3.15 millennia 216 millennia 25,781 millennia

14 81.8 millennia 7,789 millennia 1.34e+6 millennia

15 2,127 millennia 280,408 millennia 6.97e+7 millennia

69 95

3 0.01 seconds 0.03 seconds

4 0.91 seconds 3.26 seconds

5 1.04 minutes 5.16 minutes

6 1.20 hours 8.17 hours

7 3.45 days 1.08 months

8 7.93 months 8.41 years

9 44.9 years 7.99 centuries

10 3.10 millennia 75.9 millennia

11 214 millennia 7215 millennia

12 14,772 millennia 685,388 millennia

13 1.02e+6 millennia 6.51e+7 millennia

9


10/14



* If you don't know what 5.88e+11 means

If you think I got the cracks per second wrong, or would like to see the effect of different

computer speeds, password lengths, or character set sizes try the Crack Time Calculator.

Even if a cracker has a thousand times more power available than assumed, i.e., 25,000,000

is significantly low, and the cracker can encrypt 25 billion passwords per second, it is still not

difficult to find passwords that can't easily be cracked. Ten character passwords using the

entire character set will do, as it will take about 7 years to work through all possible

passwords. Even this may be questionable as that is an average of 3.5 years for one fast

desktop. In 2001 I suggested 8 character passwords. Today, such passwords are inadequate

for important accounts.

Three things have changed that make strong passwords for important accounts more

important than ever. The replacement of single core computers with multi core computers

has quickly increased the computing power available in home and typical business

environments. I don't think Moore's law has changed with regard the the fastest computers

available, but I do think the change to multi core computers has caused a short term spike

in the total amount of computing power that is generally available. Today a mid range to

high end desktop has the processing power of supercomputer from not much more than a

decade ago. There is little reason to think most of these are much more secure than home

computers were in the past. I believe the average home computer represents only a modest

challenge to a skilled cracker and that there are millions of compromised computers in

homes and offices available to non owners for illicit use.

Second, a variety of cracking tools are available that take full advantage of multi core

computers and that are also network ready. Few tasks are better suited to distributed

network processing than password cracking. It doesn't matter whether these are computers

left on overnight in a business that only works in the day, or a college computer lab, or a

network of dozens to hundreds or more computers previously compromized by a cracker.

Even if someone is working on a computer that is working on cracking passwords, the

chances are good they will never notice that activity. I can run three, CPU intensive

processes on my six core AMD tower, and never notice that anything unusual was going on,

10


11/14

if I did not routinely check my performance monitors that record what each core is doing,

and log CPU levels continuously with custom tools I've developed.


Third, and probably most importantly, hacking or cracking has changed form a hobby like

activity persued for intellecutall satisfaction or reputation in certain "communities" to a

mainstream criminal activity. With the move of much commerce to the Internet, criminals

were bound to follow. Organized crime can spend as much on targeting a large financial

institution as big business can spend on computer security. Why not employ several

reasonably skilled crackers to do nothing but break into home and business computers to

assemble a network of slave computers to perform any computational task required. It's a

lot cheaper to steal CPU cycles than to buy the equipment to provide comparable

perfomance. How would you like criminals to have access to your bank or brokerage

account?

I extended the lengths of passwords covered by the table. This was primarily to show what

happens with all lower case letters. A well chosen 14 character, all lower case password is as

strong as a good 10 character password using mixed case, number, symbols and

punctuation. That's a mathematical fact. It may not seem right but it is. I will be discussing

strong lower case passwords on a new page in the near future. This is closely related to the

new Words Only option in the Password Generator.

Depending on the password and the brute force sequence, some passwords might fall

quickly. For example if passwords were generated in the order of ASCII collating sequence,

the poor password !!!111Aa might be found rather quickly, as the exclamation mark is the

first visible typeable character in the ASCII sequence.

Brute Force, Dictionary Comparison

The time to process a cracking dictionary is determined in a similar manner. The total

number of passwords to be tried, which is a product of the number of words in the

dictionary, times the number of transformations per word, is divided by the rate it takes to

encrypt passwords. Complex rule sets will impose an additional significant overhead. On

today's computers, small dictionaries (less than 100,000 words) with a few transformations

will complete in a few seconds. The total number of passwords with large dictionaries and

many transformations or huge dictionaries will be huge and the processing time

correspondingly large.

11


12/14

As brute force is the only alternative to dictionary based password cracking it's worth taking

a close look the table above. Look at how long it should take to crack eight character

passwords drawing from the 95 typeable characters. One simple statement should put this

in perspective. Not including NT systems, that have a seriously flawed password storage

method

It is highly unlikely that any cracker has ever gotten even a single password, eight characters

or longer, randomly created from the entire 95 printable ASCII character set.

Wrong!

This was written in 2001 and never changed. Then I listed the cracking time for all 8

character passwords as just under 2 millennia. Multi core processors were only in high end

servers and network cracking tools were not available. I know there is is a demonstration

project using a large network of volunteer computers that has cracked stronger passwords.

Things change quickly in the computer world and a decade plus is a long time.

If someone is cracking passwords for real, it means they have the hash file (the file of all

passwords) for some computer or institution. While no one might spend months or a year

trying to get your password, if they have the password file for online access to a major bank

or brokerage service they may have hundreds of thousands or even millions of passwords to

try to crack. For a criminal organization, that would easily be worth months of computer

time. All weak passwords would be cracked and many that looked like good passwords. If

you use this bank or brokerage service and your password is not mathmatecally strong, and

entirely free of any dictionary or related weaknesses, it will be one of those cracked.

Randomness does have it's surprises. If numbers are randomly selected from a billion

number sequence, there is a one in a billion chance that the first number will be drawn on

the first try. Very unlikely but still possible. To have a 1% chance of cracking a specific

random, 8 character password from the full character set takes about 20 years of

computing, at 100,000 passwords per second. This was true in 2001 when it was written.

Today, with one fast desktop, it would be less than a month.


An obscure word in the Afrikaans language, mirrored and all uppercased except the first

letter is more likely to be used as a password than any single random character sequence of

12


13/14

similar length. Further, where the single random sequence cannot be reliably found by

existing technology today, the Afrikaans derived password surely can; it's simply a matter of

the cracker having and choosing to apply sufficient resources. As a practical matter, it is

unlikely that many crackers will bother with unabridged dictionaries, and foreign language

dictionaries, especially obscure foreign languages, as the rewards will not likely match the

effort. Again, no longer true.

One of the password crackers today includes a multilingual unabridged dictionary with 21

languages. Interestingly Chinese, Indian, Spanish and Portugese are not included; this leaves

out the two most populous countries in the world and all of Central and South America.

Arabic and Farsi were also missing. Still it's a good indication where cracking tools are going.

Afrikaans was included, as were nearly all industrialized countries including Japan.

Any word and all the mechanical transformations that can be described to change that word

into something else is a subset of all possible combinations of the same characters. As the

length of the word increases, the standard transformations become an ever smaller subset

of the possible permutations. For a word of meaningful length, say more than 5 characters,

the word and its transformations is an infinitesimal subset of all possible combinations of

the same number of all characters. In other words, the longer the passwords to be cracked,

the larger the advantage of a dictionary based attack will be compared to a brute force

attack. Here "dictionary based attack" is understood to include custom programmed

dictionaries as described in a subsequent page in this section.

I discussed programmed dictionaries in 2001, eleven years before I ever saw a reference to

such a thing in conjunction with a password cracking tool discussed anywhere else. Now the

same tool that has the multilingual dictionary, has a programed dictionary that creates

passwords created by a popular password generator. The programmed dictionary feeds the

generated passwords directly to the cracking tool so that they do not need to be stored to

disk. It's easy to describe programmed dictionaries that have so many possible passwords,

no institution on Earth has enought disk space to store them. Huge dictionaries must be fed

directly to the cracking tool without using disk space. Five years ago this was not true, but it

is now clear, that every method of generating plausible passwords, is comming into use with

the cracking tools. Available computing power has increased to the point that all these CPU

intensive processes are now becoming practical. Though I cannot predict how long it will be,

it is now clear passwords have a finite lifespan, in which they must be replaced by a more

secure technology.


13


14/14

* Scientific Notation

Scientific notation may look odd to those not familiar with it, but for very large numbers, it's

easier to read than the conventional fixed notation. For medium size numbers (millions tobillions) it may not be easier to read, as long as a comma is used every three places, but it is

shorter. I chose to use it for all numbers, one million and larger. It's very appropriate

because all the cracking times are estimates based on assumptions, not the acutal time that

a specific operating systems's passwords would take to crack on a specific stand alone

computer or a network of known computers. The starting number I use, cracks (or

encriptions) per second, could be 3 to 6 orders of magnitude higher (1000 to 1,000,000

times faster) for NSA. It is possible it's lower and not very improbable it's even higher. No

one outside the agency will ever know.

Like many things, scientific notation, is best explained with some specific examples. 1.33e+6

is one and a third million. Scientific notation always starts with a floating point number

between 1.00 and 9.99999... Because there is no need for precision in my numbers I limit

them to three "significant figures." If 9.99999 stoped with 6 digits that would be 6

significant figures. Sometimes more significant figures are used but that is not relevant here.

I assume the "e" stands for exponent. The plus sign means a positive exponent; the decimal

point, plus as many zeroes as may be needed go to the right. (Negative exponents are used

for numbers smaller than 1.)

The number after the plus sign tells us how many places to move the decimal point. If it's 6,

it's for a number between one million and one not quite large enough to round up to an

even 10 million. 7 is for 10 to just under a hundred million. 9 is for one billion to just under

ten, and 11 for 100 billion to just under one trillion.


14

passwordcracker.me - good and bad passwords how-to password cracking goals

Documents