# Hashing Summary

In [6]:
from hashlib import md5

text = "passw"

md5(text.encode()).hexdigest()

'd79096188b670c2f81b7001f73801117'

## Bruteforcing a Hashed Password

In [7]:
%%time
from itertools import product
from hashlib import md5

base = "abcdefghijklmnopqrstuvwxyz"

hash_pw = 'd79096188b670c2f81b7001f73801117'

for pw in product(base, repeat=5):
    text_pw = "".join(pw)
    if hash_pw == md5(text_pw.encode()).hexdigest():
        print(text_pw)

passw
CPU times: user 6.48 s, sys: 0 ns, total: 6.48 s
Wall time: 6.49 s


## Password Length

When we assume that a user only uses randomly generated passwords, we can compute all the possible passwords with the following formula:

$$ (N)^n, $$

where $N$ is the number of possible characters and $n$ is the length of the password.

In [12]:
def compute_possible_passwords(num_chars, pw_length):
    num_pws = num_chars**pw_length
    print(f"With {num_chars} possible characters and a length of {pw_length}, {num_pws} passwords are possible.")
    print(f"Time to brute force {num_pws} passwords: {num_pws / (10_000_000 * 3600 * 24):.1f} days")
    print()
    

for i in range(4, 10):
    compute_possible_passwords(26*2 + 10 + 40, i)

With 102 possible characters and a length of 4, 108243216 passwords are possible.
Time to brute force 108243216 passwords: 0.0 days

With 102 possible characters and a length of 5, 11040808032 passwords are possible.
Time to brute force 11040808032 passwords: 0.0 days

With 102 possible characters and a length of 6, 1126162419264 passwords are possible.
Time to brute force 1126162419264 passwords: 1.3 days

With 102 possible characters and a length of 7, 114868566764928 passwords are possible.
Time to brute force 114868566764928 passwords: 132.9 days

With 102 possible characters and a length of 8, 11716593810022656 passwords are possible.
Time to brute force 11716593810022656 passwords: 13560.9 days

With 102 possible characters and a length of 9, 1195092568622310912 passwords are possible.
Time to brute force 1195092568622310912 passwords: 1383209.0 days



## Salted Hashes

To make hashes harder to crack, but easy to remember for the user, we append a salt to the password, and hash this combined string.

In [15]:
pw = 'super_secure'
salt = '9wqezrakjsdcQT%QETZUASFvansovciavQTTQFAJOVMASDV'

salted_pw = 'super_secure_salt'
combined_pw = pw + salt

print(md5(combined_pw.encode()).hexdigest())
#print(md5(salted_pw.encode()).hexdigest())

b2ca5756f00f6fc59075f3a4a9f00191


In [16]:
compute_possible_passwords(26 + 1, len(pw))
compute_possible_passwords(26 + 1, len(combined_pw))

With 27 possible characters and a length of 12, 150094635296999121 passwords are possible.
Time to brute force 150094635296999121 passwords: 173720.6 days

With 27 possible characters and a length of 59, 2821383260958014531084804730393168953719437088977599878666724657220634716408631037763 passwords are possible.
Time to brute force 2821383260958014531084804730393168953719437088977599878666724657220634716408631037763 passwords: 3265489885368072419437588355282737233307436267284498897555770622779326464.0 days



In [17]:
text = "sonne$hund_dReizehn.schulE"
compute_possible_passwords(26 * 2 + 10 + 10, len(text))

With 72 possible characters and a length of 26, 1952742179632648180960375487281873152836427055104 passwords are possible.
Time to brute force 1952742179632648180960375487281873152836427055104 passwords: 2260118263463713188085314809459900416.0 days

