<h1> Demo - Easily Cracking Short Passwords </h1>

In [22]:
# import required libraries to perform demo
import random
import string
import itertools

In [25]:
# set character set to lower and upper case letters + numbers 0-9
avail_chars = string.ascii_letters + "0123456789"

In [26]:
# check character set results
print(avail_chars)

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789


<h2> Method 1: Randomly guessing a password that matches in legnth </h2>

In [41]:
# create function that randomly creates a password from a character set provided and compares it to the entered password
# allows repeats, follows no methodology (i.e. it's all random)
def rand_crack_pass(char_set, password):
    guess = ""
    attempts = 0
    while (guess != password):
        guess = ''.join(random.choices(char_set, k=len(password)))
        attempts += 1
        if (guess == password):
            return attempts,guess

In [42]:
attempts, guess = rand_crack_pass(avail_chars, "test")
print("Password: ", guess)
print("Attempts: ", attempts)

Password:  test
Attempts:  26087849


<h3> Result: </h3>
<p> While much less efficient than the choice represented below, it is still very possible to crack a short password by randomly guessing. There's always the chance that the first random guess will match the actual password; however, the probability of this ocurring goes down drastically as password length increases. </p>

<h2> Method 2: Generating every possible password and comparing (in order, no repeats) </h2>

In [45]:

# generates every possible password of the specified length in order based on the provided character set
def crack_password(char_set, password):
    count = 0
    for item in itertools.product(char_set, repeat=len(password)):
        guess = ''.join(item)
        count += 1
        if (guess == password):
            return count,guess

<p>Testing the same password that we did with the random method above </p>

In [46]:
# call function and print results
attempts, guess = crack_password(avail_chars, "test")
print("Password: ", guess)
print("Attempts: ", attempts)

Password:  test
Attempts:  4544744


<p> <b>Outcome: </b> Significantly more effective at cracking a 4 character password </p>

<p> Testing 5 character passwords </p>

In [48]:
# call function and print results
attempts, guess = crack_password(avail_chars, "pass1") # pass1 is an actual password that we use in our database
print("Password: ", guess)
print("Attempts: ", attempts)

Password:  pass1
Attempts:  221715402


<p> Testing 6 character passwords </p>

In [49]:
# call function and print results
attempts, guess = crack_password(avail_chars, "azi2c4")
print("Password: ", guess)
print("Attempts: ", attempts)

Password:  azi2c4
Attempts:  371522781


<h3> Result: </h3>
<p> This method of cracking generates every possible password from the character set that matches in length and compares it to the given password. As the character set grows, the number of passwords to generate increases, as well as the time to crack. Another way to prevent this type of attack is to increase the character set. This is why many websites require users to include special characters, numbers, and capital letters in their passwords during creation. </p>

In [None]:
!jupyter nbconvert --to html password_cracker.ipynb