Skip to content

Chapter 3.2: Weak password storage - test #14

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: 3.1-weak-password-storage/fix
Choose a base branch
from
Open

Chapter 3.2: Weak password storage - test #14

wants to merge 7 commits into from

Conversation

nxvl
Copy link
Owner

@nxvl nxvl commented Aug 9, 2019

Test

Every encryption algorithm can be theoretically cracked using brute-force attacks, this attack consist in trying multiple possible strings until one provides de desired hash. Said attacks are fairly expensive to perform as they take some time.

Given that we know the algorithm used for a hash we can create a very simple dictionary brute-force attack against the hash. We will be using the RockYou wordlist.

> $ time python crackpass.py f75778f7425be4db0369d09af37a6c2b9a83dea0e53e7bd57412e4b060e607f7 rockyou.txt
Password is: supersecret
python crackpass.py  rockyou.txt  0.32s user 0.01s system 99% cpu 0.325 total

Now that's just 1 password, if we had to crack thousands of passwords, the effort starts getting significant. That's where rainbow tables kick in.
The wikipedia definition describes rainbow tables as: "A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes."

Let's try to mass crack:

50 hashes

> $ time python rainbow-crack.py rockyou-rainbow.txt hashes-50.txt
[...]
password for b'73d07a303cc50a5423ae72081cafe4e50a2fb1a0ef161d55e332e8533c5e25a0' is b"b'vane944218'"
password for b'2c2d908b313fb71b5592ae4a44dfad2dbedd1832915a97a547d58e4c09a8ee49' is b"b'Robert7681'"
python rainbow-crack.py rockyou-rainbow.txt   10.98s user 1.50s system 99% cpu 12.484 total

100 hashes

> $ time python rainbow-crack.py rockyou-rainbow.txt hashes-100.txt
[...]
password for b'37325783f2e3763b14f25d3a28edc90fbd08283fffa9b446d827ad60c0d19272' is b"b'raaces'"
password for b'6df380dbe975a3bb65a880360e84584fdacea1455c27aa7ffef9a4b639592259' is b"b'mattlvu'"
python crackers/rainbow-crack.py ~/Downloads/rockyou-rainbow.txt   10.83s user 1.52s system 99% cpu 12.367 total

200 hashes

> $ time python rainbow-crack.py rockyou-rainbow.txt hashes-200.txt
[...]
password for b'53ad0738f0356042ae89f837767078f39492fc9b29e60fe056be5cefa9e9b510' is b"b'shaiyshaiy'"
password for b'9459c1e60e359f9f646bfe92a3a1ff1167a3b6d816290d09a33cdf8a565b15c6' is b"b'kuizenga'"
python crackers/rainbow-crack.py ~/Downloads/rockyou-rainbow.txt   10.99s user 1.53s system 99% cpu 12.541 total

As can be seen with Rainbow tables the cracking time is fairly linear, it takes around 11s for almost any case, most of the time is probably spend on loading up the DB, which can be optimized, but for the sake of this example we have done on a non-ideal way.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@nxvl