Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix bruteforce output #74

Open
Tostino opened this issue Jan 26, 2023 · 2 comments
Open

Fix bruteforce output #74

Tostino opened this issue Jan 26, 2023 · 2 comments

Comments

@Tostino
Copy link
Collaborator

Tostino commented Jan 26, 2023

Combine the output of concecutive bruteforce matches prior to returning the result. This is ugly as can be right now with each letter going into a bruteforce match.

Note - this will change the scoring for these, which isn't quite right currently, as we don't properly guess the cardinality of the total bruteforce section of the password.

Example:

----------------------------------------------------------
Commands: estimate password (e); generate password (g); quit (q)
Please enter your command:
e
Please enter the password to estimate:
4@8({[</369&#!1/|
----------------------------------------------------------
Time to calculate: 9 ms
Password: 4@8({[</369&#!1/|
Entropy: 75.41990388226716
Your password meets the minimum strength requirement.
Time to crack: ONLINE_THROTTLED: infinite (>100000 centuries)
Time to crack: ONLINE_UNTHROTTLED: infinite (>100000 centuries)
Time to crack: OFFLINE_BCRYPT_14: infinite (>100000 centuries)
Time to crack: OFFLINE_BCRYPT_12: infinite (>100000 centuries)
Time to crack: OFFLINE_BCRYPT_10: infinite (>100000 centuries)
Time to crack: OFFLINE_BCRYPT_8: infinite (>100000 centuries)
Time to crack: OFFLINE_BCRYPT_5: infinite (>100000 centuries)
Time to crack: OFFLINE_SHA512: 318 centuries
Time to crack: OFFLINE_SHA1: 39 centuries
Time to crack: OFFLINE_MD5: 13 centuries
-----------------------------------
Match Type: BruteForceMatch
Entropy: 3.3219280948873626
Token: 4
Start Index: 0
End Index: 0
Length: 1
-----------------------------------
Match Type: BruteForceMatch
Entropy: 5.044394119358453
Token: @
Start Index: 1
End Index: 1
Length: 1
-----------------------------------
Match Type: BruteForceMatch
Entropy: 3.3219280948873626
Token: 8
Start Index: 2
End Index: 2
Length: 1
-----------------------------------
Match Type: BruteForceMatch
Entropy: 5.044394119358453
Token: (
Start Index: 3
End Index: 3
Length: 1
-----------------------------------
Match Type: BruteForceMatch
Entropy: 5.044394119358453
Token: {
Start Index: 4
End Index: 4
Length: 1
-----------------------------------
Match Type: BruteForceMatch
Entropy: 5.044394119358453
Token: [
Start Index: 5
End Index: 5
Length: 1
-----------------------------------
Match Type: BruteForceMatch
Entropy: 5.044394119358453
Token: <
Start Index: 6
End Index: 6
Length: 1
-----------------------------------
Match Type: BruteForceMatch
Entropy: 5.044394119358453
Token: /
Start Index: 7
End Index: 7
Length: 1
-----------------------------------
Match Type: BruteForceMatch
Entropy: 3.3219280948873626
Token: 3
Start Index: 8
End Index: 8
Length: 1
-----------------------------------
Match Type: BruteForceMatch
Entropy: 3.3219280948873626
Token: 6
Start Index: 9
End Index: 9
Length: 1
-----------------------------------
Match Type: BruteForceMatch
Entropy: 3.3219280948873626
Token: 9
Start Index: 10
End Index: 10
Length: 1
-----------------------------------
Match Type: BruteForceMatch
Entropy: 5.044394119358453
Token: &
Start Index: 11
End Index: 11
Length: 1
-----------------------------------
Match Type: BruteForceMatch
Entropy: 5.044394119358453
Token: #
Start Index: 12
End Index: 12
Length: 1
-----------------------------------
Match Type: BruteForceMatch
Entropy: 5.044394119358453
Token: !
Start Index: 13
End Index: 13
Length: 1
-----------------------------------
Match Type: BruteForceMatch
Entropy: 3.3219280948873626
Token: 1
Start Index: 14
End Index: 14
Length: 1
-----------------------------------
Match Type: BruteForceMatch
Entropy: 5.044394119358453
Token: /
Start Index: 15
End Index: 15
Length: 1
-----------------------------------
Match Type: BruteForceMatch
Entropy: 5.044394119358453
Token: |
Start Index: 16
End Index: 16
Length: 1
----------------------------------------------------------
@formigarafa
Copy link

formigarafa commented Jan 27, 2023
edited
Loading

Hello, there @Tostino.

I have made a change on my project on what I believe would be the equivalent of this line on this project:
https://github.com/GoSimpleLLC/nbvcxz/blob/main/src/main/java/me/gosimple/nbvcxz/matching/DictionaryMatcher.java#L271

Something along the lines below.

    public List<Match> match(final Configuration configuration, final String password)
    {
        final List<Match> matches = new ArrayList<>();

        // Create all possible sub-sequences of the password
        for (int start = 0; start < password.length(); start++)
        {
            for (int end = start + 1; end <= search_end(start, password.length(), dictionary_identifier); end++)
            {
                final String split_password = password.substring(start, end);
                ...

I believe on your case, if you follow this direction there may be a few more things to adjust because I noticed you only iterate over the dictionaries further inside the nesting of for loops so you don't have an dictionary identifier at that point.
But even if you just limit to the size of the largest word among all dictionaries the performance would improve.

@Tostino Tostino mentioned this issue Jan 27, 2023
Open
@Tostino
Copy link
Collaborator Author

Tostino commented Feb 2, 2023

Alright this is now fixed by this commit: aebdd84

Example output:

Commands: estimate password (e); generate password (g); quit (q)
Please enter your command:
e
Please enter the password to estimate:
6c891879ed0a0bbf701d5ca8af39a766
----------------------------------------------------------
Time to calculate: 7 ms
Password: 6c891879ed0a0bbf701d5ca8af39a766
Entropy: 165.437600046154
Your password meets the minimum strength requirement.
Time to crack: ONLINE_THROTTLED: infinite (>100000 centuries)
Time to crack: ONLINE_UNTHROTTLED: infinite (>100000 centuries)
Time to crack: OFFLINE_ARGON2_ID: infinite (>100000 centuries)
Time to crack: OFFLINE_BCRYPT_14: infinite (>100000 centuries)
Time to crack: OFFLINE_BCRYPT_12: infinite (>100000 centuries)
Time to crack: OFFLINE_BCRYPT_10: infinite (>100000 centuries)
Time to crack: OFFLINE_BCRYPT_8: infinite (>100000 centuries)
Time to crack: OFFLINE_BCRYPT_5: infinite (>100000 centuries)
Time to crack: OFFLINE_SHA512: infinite (>100000 centuries)
Time to crack: OFFLINE_SHA1: infinite (>100000 centuries)
Time to crack: OFFLINE_MD5: infinite (>100000 centuries)
-----------------------------------
Match Type: BruteForceMatch
Entropy: 165.437600046154
Token: 6c891879ed0a0bbf701d5ca8af39a766
Start Index: 0
End Index: 31
Length: 32
----------------------------------------------------------

It did impact the scoring as expected.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@formigarafa @Tostino