More efficient method to crack password than brute force?

Discussion in 'Web Applications' started by Tunde, Mar 6, 2017.

  1. I have been able to crack passwords, given their salts and their hashes, by using brute force.

    In the first place, the length of passwords was 3 and the salt length 2:

    e.g., hash: rrVo/xC.s5/hQ, salt: rr => password: thr (time: ~0m4.579s)

    Now, for passwords of length 4 and salt length 2:

    e.g., hash: ss1C5xfz6Nggg, salt: ss => password: four (time: ~7m19.531s)

    As I have said, these passwords were obtained using a brute force algorithm. It is useful for short password lengths: as the number of characters in the password increases, the required time to break the password grows exponentially.

    What I want to know is a more efficient technique to reduce the search space.

    Additional info:

    a) Passwords are created using: A-Z, a-z, 0-9, and symbols: $, #, +, @, =, /, &

    b) I have been using the openssl command to generate the hashes and compared them to the given hash

    $ openssl passwd -crypt -salt rr thr

    in a bash script.
     
  2. Without any more information, you cannot reduce the search space. Since you don't have any prior information about the password, you can't rule out any possible password from the search space.

    If your hash function (which you don't specify) has some vulnerabilities, you may be able to learn something about the password before starting the brute force attempt (starts with 'a', contains 'b' and so on...), thus reducing the search space.

    Something else that may answer your need for faster password cracking is Rainbow Tables, which are a precomputation you perform given the salt, to be able to find the password faster later. Rainbow Tables are used as a lookup table for a given hash.
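
Added example, not part of either post: a small audit helper that flags stored hashes in the 13-character format shown in the question (salt in the first two characters) and sizes the search space for the stated 69-character alphabet. The function names, the 1e6 guesses-per-second rate and the account names are assumptions; the 8-character limit and the 64-character salt set are properties of traditional DES crypt that the thread does not state.

```python
import re
import string

# Alphabet stated in the question: A-Z, a-z, 0-9 and seven symbols (69 characters).
ALPHABET = string.ascii_letters + string.digits + "$#+@=/&"

# Traditional DES crypt output is 13 characters from [./0-9A-Za-z];
# the first two are the salt, as in the question's examples.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")
DES_MAX_LEN = 8        # DES crypt ignores everything after the 8th character
DES_SALTS = 64 ** 2    # two salt characters from a 64-character set


def des_salt(hash_field):
    """Return the 2-character salt if the field is a DES crypt hash, else None."""
    return hash_field[:2] if DES_CRYPT.fullmatch(hash_field) else None


def keyspace(length, alphabet=ALPHABET):
    """Candidates an exhaustive search must cover for passwords of this length."""
    return len(alphabet) ** min(length, DES_MAX_LEN)


def worst_case_seconds(length, guesses_per_second):
    """Time to exhaust the keyspace for one salt at an assumed guess rate."""
    return keyspace(length) / guesses_per_second


def audit(entries):
    """Flag (user, hash) pairs whose hash is legacy DES crypt; return (user, salt)."""
    return [(user, des_salt(h)) for user, h in entries if des_salt(h)]


if __name__ == "__main__":
    # Constructed sample: the two hashes from the question plus a made-up
    # placeholder in modular ($6$) format that must not be flagged.
    sample = [("alice", "rrVo/xC.s5/hQ"), ("bob", "ss1C5xfz6Nggg"),
              ("carol", "$6$examplesalt$placeholderhash")]
    print("legacy DES crypt accounts:", audit(sample))
    for n in (3, 4, 8, 12):
        # 1e6 guesses/s is an assumed rate, not a measurement from the thread.
        print(n, keyspace(n), f"{worst_case_seconds(n, 1e6):.0f}s per salt,",
              keyspace(n) * DES_SALTS, "entries to precompute for every salt")
```

Lengths 8 and 12 report the same keyspace because of the truncation, and the per-salt figure is multiplied by 4096 for any table meant to cover every salt.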
     
