28

This article states:

Brute-force techniques trying every possible combination of letters, numbers, and special characters had also succeeded at cracking all passwords of eight or fewer characters.

There are 6.63 quadrillion possible 8 character passwords that could be generated using the 94 numbers, letters, and symbols that can be typed on my keyboard. I'm skeptical that that many password combinations could actually be tested. Is it really possible to test that many possibilities in a less than a year in this day and age?

Stephen Ostermiller
  • 483
  • 1
  • 5
  • 13

6 Answers6

34

As per this link, with speed of 1,000,000,000 Passwords/sec, cracking a 8 character password composed using 96 characters takes 83.5 days. Research presented at Password^12 in Norway shows that 8 character NTLM passwords are no longer safe. They can be cracked in 6 hours on machine which cost ~$8000 in 2012.

One important thing to consider is which algorithm is used to create these hashes (assuming you are talking about hashed passwords). If some computationally intensive algorithm is used, then the rate of password cracking can be reduced significantly. In the link above, author highlights that "the new cluster, even with its four-fold increase in speed, can make only 71,000 guesses against Bcrypt and 364,000 guesses against SHA512crypt."

Community
  • 1
Jor-el
  • 2,061
  • 17
  • 24
  • 2
    My core i3 laptop makes **1500** guesses per second on WPA handshake. – Vorac Oct 11 '13 at 13:20
  • 8
    For single iteration MD5, small GPU arrays (<20 cards) are now pushing into the 100Billion/second area. Large (intelligence agency) arrays will be several orders of magnitude faster. – lynks Oct 11 '13 at 13:34
  • 1
    One thing to keep in mind is that NTLMv1 passwords are particularly easy and so should not be extrapolated from. Because of how NTLM hashes passwords a 16 character password is takes only twice the amount of time to crack as an 8 character one. – Jeffrey Goldberg Oct 12 '13 at 04:19
  • 2
    Don't forget about salts. If an encryption algorithm uses arbitrary-length salts, it's effectively impossible to create all possible hashes with all possible salts (you'd need a new rainbow table for every possible salt). – Joe Jan 29 '14 at 21:53
  • 1
    Nobody is talking about rainbow tables here. This answer is talking about an attack on a stolen password database which probably contains a plaintext salt for each user account. Without a salt, any accounts with duplicate passwords don't require any additional work, but even with a salt the attack will proceed one account at a time without any rainbow tables required. Rainbow tables became outdated as soon as it became more efficient to just process all hashes in parallel every time, often using GPUs. – Ben Feb 03 '16 at 17:06
  • My AMD A8-4500M APU cracks **1600** guesses per seconds. Now I am going to try cracking using my integrated GPU – Suici Doga May 03 '16 at 05:40
  • Tried a AWS EC2 g3.16xlarge? 64 Cores, 488GiB memory? – Ali Aug 20 '17 at 03:35
  • "*They can be cracked in 6 hours.*" I feel like such statements should always be accompanied by hardware estimates. Either go "commodity hardware" (e.g. pooling a few common desktops like those your mom might use), "gaming hardware" in case you happened to use a gamer desktop for the GPUs (up to €2k or so), or a real cost estimate if it's more than that. Exception: if you used Apple hardware, divide by two. – Luc Mar 01 '18 at 18:54
  • @Luc Actually gaming hardware is often slower since Nvidia is the usual choice for gamers. Unlike AMD, Nvidia focuses on having fewer but more sophisticated cores. For something as simple and parallelizable as hashing, AMD's large number of comparatively simpler cores tends to be more effective. In the scale of core complexity from CPU on one end to ASIC on the other, AMD GPGPUs tend to be closer to the latter. – forest Mar 02 '18 at 23:39
  • @Vorac Each WPA handshake is protected by 4096 SHA-256 iterations, if I recall correctly. – forest Mar 29 '18 at 00:38
15

I saw this is not updated to 2018.

Hashcat breaks an 8 chars full coverage (a-zA-Z0-9!-=) password in 26 days on a single 1080 Nvidia GPU.

enter image description here

Here's a picture of a mining rig with GPUs that could also just as well be set up for hash cracking:

Bitcoin Rig

schroeder
  • 123,438
  • 55
  • 284
  • 319
a_at_cyber_dot_training
  • 151
  • 1
  • 4
  • [link](https://www.cyber.training/wp-content/uploads/2018/03/hashcat1.png) – a_at_cyber_dot_training Mar 02 '18 at 05:48
  • In t he link above you can see it takes 1:35H to guess a-zA-Z 8 chars password on a single 1080 card on my PC. a rig includes arbitrary numbers of cards. – a_at_cyber_dot_training Mar 02 '18 at 05:49
  • Adding a SHA256 8 CHARS a-zA-Z0-9. verified and broken. [link](https://www.cyber.training/wp-content/uploads/2018/03/DeadPass.png) – a_at_cyber_dot_training Mar 02 '18 at 16:55
  • SHA256 8 chars all chars no rule optimizations - 26 days single card + 19 cards motherboard by Asus, [link](https://www.cyber.training/wp-content/uploads/2018/03/26daysMaximumSecurity.png) and [link](https://www.asus.com/us/Motherboards/B250-MINING-EXPERT/) – a_at_cyber_dot_training Mar 02 '18 at 23:20
  • 2
    People, I'm putting a period on this. I was given the permission to edit, so I will. The *only* issue here is whether one rig can be called another and it cannot. Can the hardware be the same? Sure. But they are not equivallent. – schroeder Mar 03 '18 at 00:00
6

Possible? yes, but what brute force recovery duration is accepted as possible? Some numbers for 8 chars PW if randomly chosen from a 94 character set:

  • Windows PW (NTLM:1), using the above metioned 25 GPU recovery monster: 2.2 hours on average
  • WiFi (PBKDF2/SHA1:4096) using an 8 GPU recovery system: 98 year on average
  • 7ZIP (PBKDF2/SHA256:262144) using an 8 GPU recovery system: 26 centuries

So it is 'possible' for certain cases for us, may be yes in all above cases for some agencies.

Suppose your set of 'obtained' hashes contained 5 million password hashes, then even for the 98 year WiFi case, 145 keys will be found on day 1 (on average). If your password is amongst them, then you experience that also for the WiFi case it is indeed possible! .... if my calculations are right

Dick99999
  • 525
  • 5
  • 8
2

I know of one modest demonstration (Feb 2012, link) that claimed the power to make 400 billion guesses a second on a 25 GPU system. In that case, an 8 digit password would be blown in less than 6 hours; sooner depending on the brute-force method. But that assumes the attacker has access to the file that stores the encrypted password. And frankly, that is easy to do, if you have access to the computer itself. Even if you can't get to the HDD, the attacker would simply replace the keyboard with a computer that would send 'keystrokes' much faster than you could type. It might take longer, due to the speed of the USB connection, but human typing rate is not a good reference on this matter.

As a side note.....

On the issue of characters used in a password, this is not quite as simple as most people state. What matters most is what the attacker expects to have to tried, not what characters you chose. In other words, what matters most is what characters EVERYONE in the system uses, not just you. For example, a random sequence of 'X', 'Y' and 'Z' is just as hard to guess as a random sequence of all letters of the alphabet...as long as the attackers doesn't know you prefer X, Y, and Z. But if, despite the availability of 100 digits, it is known to the attacker that everyone is using only X, Y and Z, then the attacker can narrow down the brute-force attack and negate the benefit of 100 digit security system. The principal of this is identical to that of the dictionary attack. This is why sysadmins might force everyone to use different character types; to make sure that a would-be intruder has to try all permutations.

This is not to say the specific characters used in a password don't affect the speed at which it is broken. That is, when someone says "an 8 digit passwords take 10 years break," that 10 years is the MAXIMUM time required. A more accurate statement would be, "it takes 10 years to test all combination of 8 digit passwords." But the fact is that some passwords would be guessed much faster depending on the character selection and attack method. For example, if your password 100-character alphanumeric system (e.g. 0-9......A-Z), and the brute-force attack uses sequential guesses, then a password starting with a '0' will be broken at least 100x faster than a password that starts with LAST character in that sequence (let's call it 'Z'). But this is tricky to deal with since you can never know what order the attacker may use. For example, does the attacker consider A or 0 the first digit? And is Z or 9 the last digit? Or if the attacker knows that everyone uses passwords that starts with characters towards the end of the alphabet, then he/she may try brute-force in reverse-sequence, and the password that starts with '0' will be safer.

Unfortunately, the speed at which passwords are broken is as much about the number of digits as it is the predictability of human behaviour.

schroeder
  • 123,438
  • 55
  • 284
  • 319
codechimp
  • 121
  • 4
  • An "8 digit password would" in fact "be blown in less than" 1 millisecond. –  Feb 26 '15 at 20:40
  • 1
    The OP did state that it was an offline attack, so the attacker has the 'file', and your custom keyboard comment also doesn't seem to apply. – schroeder Feb 26 '15 at 22:48
  • Looking at password dumps, one can assume that the first character is an uppercase letter and the last is a number (e.g. Password1). Likewise, the first character is rarely a number if the rest of the password is not all numbers. The analysis of these patterns are used to optimize password cracking algorithms. So yes, **tl;dr:** optimized algorithms based on password use analysis can dramatically decrease the time to crack passwords over purely random permutations. – schroeder Feb 26 '15 at 22:55
1

From the bit9 blog:

In order for a password to be considered secure, it needs to be truly random and unique.

What Does it Mean to Be Truly Random?

Many people often choose a base word for their password, like “password,” and transform it to be logically “complex.” So they’ll replace letters with special characters or digits and add some capitalizations. So a password that was “password” becomes P@55w0rD. In fact, if each letter could be one of an uppercase, lowercase, or special character, there are 6,561 (38) versions of “password” – which is far from an unbreakable amount.

Thus, a hacker using a brute force technique isn’t just going to start with “aaaaaaaa” and go down the list, “aaaaaaab”, “aaaaaaac”, etc. He is going to apply intelligence to the cracking. That intelligence most often involves using common base words. So not only will he try cracking the very simple “password” but also all 6,561 versions, to include the complex “P@55w0rD”.

There are approximately 220,000 dictionary base words, meaning that even if you added up to three extra digits to your transformed, base-word-based password and formed something like “P@55w0rD123,” a computer would take about 26 minutes to crack it – no matter how long the password is. With complete randomness in a password, hackers can’t make common base word assumptions about your password and cut down the brute force space.

But that’s not all. A secure password must also be unique.

What Does it Mean to Be Unique?

Unfortunately, some companies still store actual text passwords in their databases instead of the hashes so if a hacker gets into the system, he now has more base words to add to his roster. So if you use the same password, or even base word, for two accounts and one of those is compromised, no matter how long or random it is, that hash and password are now known. The hacker can then log in to any account that you are using the same password for. This also means that if someone else uses your password, or some version of it as outlined above, you are compromised.

Luc
  • 31,973
  • 8
  • 71
  • 135
Matt
  • 11
  • 1
1

Just don't confuse password cracking techniques with brute force.

Brute force literally means starting with 1 character trying all possible alphabetically, then moving to 2 characters, 3, 4, etc...

Once an algorithm or a heuristic logic is applied it not called brute force anymore.

So why are people still talking about brute force? Reason is that for applying a brute force technique you do not need any special thinking, and the amount of people capable of running a brute force technique is probably 10 times bigger than the amount of those who can download a cracking tool from the internet and really use it for cracking password.

Another reason is that if I had chosen a hard 8 character password like j$d1Ya+3 the "smart" techniques are not going to help much, so some folks do want to understand how long will it take the brute force to work.

Benoit Esnard
  • 13,942
  • 7
  • 65
  • 65
mel
  • 11
  • 1