Search Members Help

» Welcome Guest
[ Log In :: Register ]

Mini-ITX Boards Sale, Fanless BareBones Mini-ITX, Bootable 1G DSL USBs, 533MHz Fanless PC <-- SALE $200 each!
Get The Official Damn Small Linux Book. DSL Market , Great VPS hosting provided by Tektonic
Pages: (13) </ 1 2 [3] 4 5 6 7 8 ... >/

[ Track this topic :: Email this topic :: Print this topic ]

reply to topic new topic new poll
Topic: C question, loops< Next Oldest | Next Newest >
WDef Offline





Group: Members
Posts: 798
Joined: Sep. 2005
Posted: Jan. 13 2008,11:14 QUOTE

I'm don't think 4 chars of anything is very strong, though I'll have to look up what quenya is, or ask some Scandinavian friends!

Even that Perl one-liner will get through the full lower case 4-char password space in no time.

You probably know that each char of pw length increases the brute force crack time exponentially.

Even with humongous computing resources, brute force is likely to be a waste of time on good long random passwords from a wide space of chars including %!@#/\| .,  etc.  You start measuring crack times in aeons.  The weakness is usually in the relative non-randomness of the passphrase (recognizable words etc) or the encryption implementation itself.
Back to top
Profile PM 
curaga Offline





Group: Members
Posts: 2163
Joined: Feb. 2007
Posted: Jan. 13 2008,11:24 QUOTE

It's 4 words, not 4 chars. It's 30 chars total..

BTW, Quenya is Tolkien's high elvish. It's spoken in the movies too. That's a fun part too, as the subtitles say different things than the actors ;)


--------------
There's no such thing as life. Those mean little jocks invented it ;)
-
Windows is not a virus. A virus does something!
Back to top
Profile PM 
WDef Offline





Group: Members
Posts: 798
Joined: Sep. 2005
Posted: Jan. 13 2008,11:43 QUOTE

Quote
My password consists of 4 lowercase words of english, finnish and quenya.


Ah! Then that's a different problem.  I don't think any cracker in their right mind is going to try to brute force a 30-char passphrase.  Instead, they'll do a dictionary-based attack using the three nominated languages, perhaps first trying to narrow the search space using word frequencies.  But I'm not an expert.

I'm sure the answer to your Perl questions is yes but I have to eat now.
Back to top
Profile PM 
curaga Offline





Group: Members
Posts: 2163
Joined: Feb. 2007
Posted: Jan. 13 2008,11:51 QUOTE

:D

Sure, go have a meal.

Wordlists, well, since I'm pretty much the only one using Quenya in a password, I highly doubt anyone has put a wordlist up for it. And then there's the fact both finnish and quenya are suffix-based, ie a words meaning is modified by modifying the word, instead of prepositions like in english. So there are countless variations of a single word.


--------------
There's no such thing as life. Those mean little jocks invented it ;)
-
Windows is not a virus. A virus does something!
Back to top
Profile PM 
WDef Offline





Group: Members
Posts: 798
Joined: Sep. 2005
Posted: Jan. 13 2008,15:24 QUOTE

I have my doubts about this being a practical test for hardness at least in this particular universe and not for a passphrase built from words  - nonetheless, this should work in principle with those Finnish chars in the set.

Here I'm testing it on a blowfish encrypted file 'encryptedfile' with a simple 2-char  passphrase "at", which it brute force cracked in about 1 second.

Change the openssl command string to suit your rsa key cracking issue.

Code Sample

#!/usr/bin/perl
# curagacrack.pl

my $n = 30; # max len of passphrase

my @set = ( "ä", "ö", "a" .."z" ); # ranges and lists to permute
my $result;

sub create_perm($$){

   my($cur,$max)=@_;

   if($cur>=$max){
       # print "$result\n";
      setpgrp (0,0);
     system("echo $result | 2>/dev/null /opt/tor/local/bin/openssl bf -pass stdin -d -in encryptefile -out out.txt && file -b out.txt | grep -q '^ASCII text' && echo -n 'Found passphrase: ' && echo $result && kill 0");
       return;
   }

   for(@set){
       substr($result,$cur,1)=$_;
       create_perm($cur+1,$max);
   }
}

for ($j=1;$j<=$n;$j++){
create_perm(0,$j);
}


That will run the openssl command on each loop iteration (slow) and exit rudely when it is successful.  For a 30 char passphrase this may not be within the lifetime of this universe; you might like to prove the concept on a short passphrase.

I found the permutation code on another board and adapted.  There is other code on the perlmonks board which is probably more efficient.

It would be quicker to directly compare against the known password string also.

This doesn't filter out aaa etc.  Close the shell to kill it off, I didn't put a signal trap in.

(Revision for me since if I don't so a little Perl every few months it starts to look like Finnish to me ;=) ):
Back to top
Profile PM 
64 replies since Jan. 12 2008,13:35 < Next Oldest | Next Newest >

[ Track this topic :: Email this topic :: Print this topic ]

Pages: (13) </ 1 2 [3] 4 5 6 7 8 ... >/
reply to topic new topic new poll
Quick Reply: C question

Do you wish to enable your signature for this post?
Do you wish to enable emoticons for this post?
Track this topic
View All Emoticons
View iB Code