TUCoPS :: Password Security :: devbrute.txt

11a on Brute Force Hacking 

-11A- DEV BRUTEFORCE -11A-

If there's an encrypted password, you can decrypt it.
Therefore, a saved password is a possible weakness.
What if someone got a copy of the password file?
It would be a severe, maybe unrecoverable security chaos.

So security experts sat down and thought about how to fight password cracking.
The hash/checksum algorithms were born.
Instead of saving the password, they saved a small value, and only a few passwords
would generate the same value, one in a thousand or maybe not even one in a million.

However, what they couldn't predict was the speed of computer development.
Within a few years computers they would have called "supercomputers" were available
for ordinary people (such as crackers and hackers).
The unencrytable passwords were about to be cracked.

Instead of trying to make smart mathematical attacks which math/computer scientists
had tried, crackers used a technic called Bruteforce.
Instead of some neat scientific calculations, bruteforce tests every possible combination.

A bruteforce never fails, if you just give it enough time.
You probably get a couple of false (but OK) passwords.
One possible problem could be that for example you search for contains characters you
haven't included in your bruteforce, like if you would search for passwords containing
only A, B and C and the password contain a D.

-------------------------------------------------------

Here's a short example of a bruteforce made in pascal.
It's really slow (you should only bruteforce with fast assembler codes)
but states the logic pretty well for all you high-level dudes....

procedure BruteForce (var code : string);
var b : byte;
label nextChar;
begin
  b := length(code);
nextChar:
  if code[b] =  brute_highest then begin
     code[b] := brute_lowest;
     if b > 1 then begin
       dec(b);
       goto nextChar;
     end else
       code := code + brute_lowest ;
  end else
     code[b]:= chr(1+ord(code[b]));
end;


-------------------------------------------------------




Here's an good bruteforce made in assembler for use in Pascal.
It's the fastest bruteforcer I ever seen, but you could speed it up somewhat if you
made it local, and kept data within the procedure instead of pushing it everytime
you called the procedure...

Don't ask me to explain it, I made it years ago and since then I've hardly even
looked at the source. All is happily forgotten ;-)

Observe: This code must be compiled with a {$F+} statement or within a unit.


procedure BruteForceAsm
          (var code : string; low, high : char); assembler;
asm
PUSH DS
LDS  BX,[BP+10]		{; get DS, string offset to BX}

xor     ch,ch
mov     cl,[bx]		{; length of string}
mov     dl,[BP+8]	{; lowest}
mov     dh,[BP+6]	{; highest}


@nextChar:
mov     si,bx		{;}
add     si,cx		{; si points to string[cx]}
cmp     [si],dh
jb      @charIsNotHighest
mov     [si],dl
cmp     cl,1
jbe     @incLength
loop    @nextChar
@incLength:
mov     cl,[bx]		{; string length}
inc	cl
mov	[bx],cl
add     bx,cx
mov     [bx],dl

jmp     @theEnd

@charIsNotHighest:
inc     byte ptr [si]
@theEnd:

POP DS
end;

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH