Introduction
People are frequently misguided and look at the password brute-forcing (password cracking) as on a miracle approach to gain access to something, especially people not engaged in IT industry, non-tech folks (not sure if Hollywood is to blame).
In any case, numerous times we’ve received inquiries from people asking us to “brute-force” some hashes or Facebook / Instagram login, and sorry to say people, it simply doesn’t work like that, or at very least not always. There was a situation in which person asked us to “recover” an Instagram account, where he/she knew some specifics related to the password itself, more on this later.
Password Cracking [Benchmark and Stats]
Times have changed, hardware got “cheaper”, graphics cards and mining rigs are “widely” available, but even that might not be enough. Password cracking difficulty varies, depending on the number of chars, length, hash type, etc.
The number of possible combinations is calculated using the following formula:
If we compare MD5
with SHA1
:
MD5 | SHA | |
Message Digest Length | 128 Bits | 160 Bits |
Attacks required to find original message | 2 128 bit opeartions required to break | 2 160 bit operations required to break |
Attacks to try and find two messages producing the same MD | 2 64 bit operations | 2 80 bit operations |
Speed | 64 iterations (faster) | 80 iterations |
Looking at the HashCat benchmark below, we can see some of the relations between different types of hashes on machine with two Sapphire R580 (8GB) cards:
Hashmode: 0 - MD5
Speed.#1………: 10105.1 MH/s (104.69ms) @ Accel:256 Loops:512 Thr:256 Vec:1
Speed.#2………: 10621.0 MH/s (99.77ms) @ Accel:256 Loops:512 Thr:256 Vec:1
Speed.#*………: 20726.0 MH/s
Hashmode: 100 - SHA1
Speed.#1………: 3575.9 MH/s (73.75ms) @ Accel:256 Loops:128 Thr:256 Vec:1
Speed.#2………: 3752.9 MH/s (70.44ms) @ Accel:256 Loops:128 Thr:256 Vec:1
Speed.#*………: 7328.7 MH/s
Hashmode: 1400 - SHA2-256
Speed.#1………: 1538.1 MH/s (85.78ms) @ Accel:256 Loops:64 Thr:256 Vec:1
Speed.#2………: 1619.0 MH/s (81.85ms) @ Accel:256 Loops:64 Thr:256 Vec:1
Speed.#*………: 3157.1 MH/s
Hashmode: 1700 - SHA2-512
Speed.#1………: 373.5 MH/s (88.58ms) @ Accel:128 Loops:32 Thr:256 Vec:1
Speed.#2………: 389.3 MH/s (85.10ms) @ Accel:128 Loops:32 Thr:256 Vec:1
Speed.#*………: 762.8 MH/s
Hashmode: 2500 - WPA-EAPOL-PBKDF2 (Iterations: 4096)
Speed.#1………: 180.2 kH/s (90.03ms) @ Accel:128 Loops:64 Thr:256 Vec:1
Speed.#2………: 182.3 kH/s (88.78ms) @ Accel:128 Loops:64 Thr:256 Vec:1
Speed.#*………: 362.5 kH/s
...
Hashmode: 1500 - descrypt, DES (Unix), Traditional DES
Speed.#1………: 387.8 MH/s (85.18ms) @ Accel:4 Loops:1024 Thr:256 Vec:1
Speed.#2………: 406.8 MH/s (81.22ms) @ Accel:4 Loops:1024 Thr:256 Vec:1
Speed.#*………: 794.6 MH/s
Hashmode: 500 - md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5) (Iterations: 1000)
Speed.#1………: 4187.4 kH/s (59.66ms) @ Accel:512 Loops:250 Thr:64 Vec:1
Speed.#2………: 4258.8 kH/s (56.06ms) @ Accel:512 Loops:250 Thr:64 Vec:1
Speed.#*………: 8446.1 kH/s
Hashmode: 3200 - bcrypt $2*$, Blowfish (Unix) (Iterations: 32)
Speed.#1………: 8225 H/s (57.77ms) @ Accel:8 Loops:8 Thr:8 Vec:1
Speed.#2………: 9454 H/s (51.84ms) @ Accel:8 Loops:8 Thr:8 Vec:1
Speed.#*………: 17678 H/s
Hashmode: 1800 - sha512crypt $6$, SHA512 (Unix) (Iterations: 5000)
Speed.#1………: 67539 H/s (96.58ms) @ Accel:256 Loops:64 Thr:64 Vec:1
Speed.#2………: 67729 H/s (95.94ms) @ Accel:256 Loops:64 Thr:64 Vec:1
Speed.#*………: 135.3 kH/s
Hashmode: 7500 - Kerberos 5 AS-REQ Pre-Auth etype 23
Speed.#1………: 135.4 MH/s (61.09ms) @ Accel:128 Loops:32 Thr:64 Vec:1
Speed.#2………: 134.6 MH/s (61.49ms) @ Accel:128 Loops:32 Thr:64 Vec:1
Speed.#*………: 270.0 MH/s
...
Hashmode: 7100 - macOS v10.8+ (PBKDF2-SHA512) (Iterations: 35000)
Speed.#1………: 3819 H/s (61.55ms) @ Accel:64 Loops:16 Thr:256 Vec:1
Speed.#2………: 3790 H/s (62.10ms) @ Accel:64 Loops:16 Thr:256 Vec:1
Speed.#*………: 7609 H/s
Hashmode: 11600 - 7-Zip (Iterations: 524288)
Speed.#1………: 4903 H/s (102.60ms) @ Accel:256 Loops:128 Thr:256 Vec:1
Speed.#2………: 5119 H/s (98.10ms) @ Accel:256 Loops:128 Thr:256 Vec:1
Speed.#*………: 10022 H/s
...
Hashmode: 13000 - RAR5 (Iterations: 32767)
Speed.#1………: 19487 H/s (103.07ms) @ Accel:128 Loops:64 Thr:256 Vec:1
Speed.#2………: 20203 H/s (99.33ms) @ Accel:128 Loops:64 Thr:256 Vec:1
Speed.#*………: 39689 H/s
Hashmode: 6211 - TrueCrypt PBKDF2-HMAC-RIPEMD160 + XTS 512 bit (Iterations: 2000)
Speed.#1………: 123.7 kH/s (58.82ms) @ Accel:64 Loops:32 Thr:256 Vec:1
Speed.#2………: 125.4 kH/s (58.01ms) @ Accel:64 Loops:32 Thr:256 Vec:1
Speed.#*………: 249.1 kH/s
So, in theory, with 20726.0 MH/s we could crack MD5 8 char (lowercase alpha only) password in 2 hours (26 8 / 20.726 Millions= ~9500 seconds). On the other hand SHA1 would take around 7.5 hour (26 8 / 7328.7 MH/s = ~27410 seconds).
That should give you some idea. Trying to brute-force long passwords is near impossible. With 8 characters long password (only alphanum), you’ll end up with 628 combinations (218.340.105.584.896 = 218 trillion). Add symbols to that mix (!@#$%) and you’re f*****, ending up with quadrillions of combinations. Expanding that with a few characters and some more “complex” hash (more bits, salts…) and you might end up in twilight zone. Each additional character exponentially increases the brute-force difficulty/numbers. You slowly start to engage with incomprehensibly large numbers, even for a machine.
If you have a supercomputer at your disposal or an army of machines, you maybe have a fighting chance, but even then it’s a big “MAYBE”.Of course, you can never know, in your effort to crack something you might find the solution in the first hour, but from the math perspective it’s not likely.
For the reference:
million = 1×10^6
billion = 1×10^9
trillion = 1×10^12
quadrillion = 1×10^15
quintillion = 1×10^18
sextillion = 1×10^21
septillion = 1×10^24
octillion = 1×10^27
…
Login Brute-Force
Since too many people suggested Instagram/Facebook brute-force approach to gain access, we need to explain this. If nothing else it will be useful for us as a reference for people who send us inquiries in the future.
Doing login brute-force on some services is even worse than plain password cracking. With brute-forcing of a “login” page, you must take into account the latency between your server(s) and the service, login latency (on their side), parsing, you’ll need good enough hardware to take as many threads as possible (concurrent requests), proxies to avoid being banned, etc. It’s simply crazy to even think that that’s a viable way to gain access.
I’m not sure if we need the math here. On previously listed benchmark we have performance of 20 Million Hashes/Passwords per second for MD5
(with 2 GPUs), and it would still take 2 Hrs to go through that list. Here, let’s say we have one request taking 1 second to process, there’s no point to even try. As mentioned, we can use multiprocessing/threading, multiple servers, proxies and what not, but that’s not going to help.
Password Cracking using Wordlists
Using wordlists is another thing. You can try some pre-defined wordlist to check if some user/admin set some weak password somewhere, but it’s far from ideal. Statistically, if you’re using some limited wordlist with well known/widely used passwords to scan thousands of websites logins, you’ll most likely gain an access. It’s useful for some pentesting procedures, but we doubt about usefulness of this approach when you’re trying to attack a specific (“serious”) target.
Don’t get us wrong, brute-force is not always impossible here, we just need to reduce values to acceptable levels.
Password “recovery” story
At one moment we had a person asking us to “recover” an Instagram account. The person knew password was of certain length and that there were some specific chars in it:
- First char was uppercase (26 1 )
- Following six chars were lowercase (26 6 – 308.915.776)
- Last char was a special char (30 1)
In case we didn’t have these details, we would have to check for:
The 52 letters (lower/upper case) +10 numbers + 32 special chars = ~92 8
Since we have some info on the password, if our math is right, now there’s 240.954.305.280 combinations (240 billion). A 99.99% reduction or 21k times less combinations. This is still not doable, but it’s a good example on how we could use available info to reduce number of passwords we need to brute-force.
For instance, if this person knew first 3 letters, with following 4 lower letters and final special char we would end up with 13.709.280 combinations. That’s something we could work with. Utilizing 1k threads, including proxies, we would have to do just 13k requests. If one request pessimistically took 5 seconds to process, we would finish brute-forcing in less than a day.
Conclusion
A lot of theorizing.. In the end, be sure to set long passwords (12+) with mixed character sets (numbers, uppercase, lowercase and if possible special chars), avoid dictionary words, pronouns, usernames, dates, personal info and don’t use the same password in difference places.
Ideally you would use different passwords on every service, but our limited brains can’t handle that much. Some people also have problems with saving passwords on notes, browser or some software, not beliving anyone or anything. We are a part of that group. At a very least, you can categorize groups of passwords by priority/importance, for e.g.:
- financial (banks, paypal, etc.)
- communication (gmail, skype, etc.)
- social(facebook, instagram, etc.)
- other (temporary logins)
It would be even better to add something that’s going to differentiate passwords within same group, for e.g. gmail password “TmpPasswd100
” and skype “TmpPasswd200
“. That way even if your gmail password gets compromised, skype will still be “safe”. All you have to remember is 4 core segments of passwords and the way you make those subtle variations within the groups. Easy.
For the most imporant services, don’t reveal passwd to anyone and try not to login on them from anywhere else but your “safe” location. Avoid public wifi, friends computers, etc. As you go down the list, you can lower your guard a bit.
Belive it or not, many services/websites save their user’s passwords in plain text, you can never know. Hope for the best, plan for the worst.