How long would it take to crack an 8 digit password?

SexyGreyFox

SexyGreyFox

SexyGreyFox

Man of Honour
Joined
29 Mar 2003
Posts
57,658
Location
Stoke on Trent
Lets say you had a password like: !sY#@uE* which was protecting your data.

How long would it take to crack it just using normal means?
 
Surely you wouldn't know that without knowing what the password actually was? You could work out how long an algorithm would take to run through all the possible combinations, but for that you'd have to know what the algorithm is - so what exactly is 'normal means'?
 
It would be important to know how the password was processed in order to grant/deny access. It also depends on what hardware is available to the person trying to crack it, and what constitutes "normal" means.

The easiest ways to crack a password (that I know of) are:
* Using Rainbow tables (a pre-computed list of passwords and their corresponding encoded values - simply find the password file and match the encoded password to a corresponding plaintext version). IIRC, the largest tables are for 12 and 13 characters, taking up several terabytes.
* Brute force (maximum of 168^8 = 6.3*10^17 combinations) - there was a thread recently about a parallel processing application running on the gpu to crack passwords that might interest you.
 
wilko49 said:
It would be important to know how the password was processed in order to grant/deny access. It also depends on what hardware is available to the person trying to crack it, and what constitutes "normal" means.

The easiest ways to crack a password (that I know of) are:
* Using Rainbow tables (a pre-computed list of passwords and their corresponding encoded values - simply find the password file and match the encoded password to a corresponding plaintext version). IIRC, the largest tables are for 12 and 13 characters, taking up several terabytes.
* Brute force (maximum of 168^8 = 6.3*10^17 combinations) - there was a thread recently about a parallel processing application running on the gpu to crack passwords that might interest you.
Click to expand...

Alternatively - the password has to be stored somewhere on the system, usually in an encrypted folder. If you break that encryption then you have the password. I don't know about Windows or other operating systems but on Linux it's usually either MD5 or SHA1. MD5 can be broken relatively easily, SHA is a lot harder.
 
I tryed to do this when my boss put a password on our rotas. I got bored waiting after the 5th digit so put a keylogger on her computer instead. A lot easier. :D
 
Depends on the keyspace and the computer doing the cracking.

As has been alluded to, there are always preferable solutions to brute forcing - social engineering, keylogging, other forms of cracking...
 
You must log in or register to reply here.
Back
Top Bottom