0

I'm doing a rainbow attack for homework and I'm getting some trouble on cracking passwords of different lengths. It means that I can crack every password of fixed length 8 for example in +-2 minutes. However, I don't know how to handle passwords from lengths 5 to 8 without losing much time.

Supposing that it's impossible to know the length of the password only by having the hash, I've already tried to crack the hash by trying every length one by one. It means that I spend 2 x 4 minutes to crack only 1 password.

Should I reduce every possible password with the maximum password length and then check only first characters or it is a bad idea?

I'm using a lower alphanumeric case rainbow table, sha256 algorithm and 50 000 different R functions. I'd like to find a way to accelerate this operation. Thanks to anyone who can help.

kalistawe
  • 9
  • 1
  • First of all, the SHA-256 has [padding](https://crypto.stackexchange.com/questions/9369/how-is-input-message-for-sha-2-padded) that the input becomes multiple of 512. The output of a cryptographic hash function is random therefore if you restrict the output, say, 10-bits any output will occur almost equally. So, only you need some good reductions function for yourself. I don't recommend you to restrict 5 to 8, go for <9. But if you want to restrict, if the length of the string is less then 5 then use a function to map 1 to 4 into 5-8 after the reduction function. – kelalaka Apr 21 '19 at 14:51
  • Thanks for your answer but I didn't understand how to check the length of the password because I only receive the hash of the password to crack. – kalistawe Apr 21 '19 at 19:04
  • After the reduction, you will have a new input to the next hash calculate, there check the length and process. – kelalaka Apr 21 '19 at 19:19
  • I guess that my R function is bad because I have to give it a length to generate a reduction. For exemple I give a hashed password: **ecd71870d1963316a97e3ac3408c9835ad8cf0f3c1bc703527c30265534f75ae** and the length of the reduction in the parameters. How can The R function guess the length by itself so I can know that this password is of length 7 ? – kalistawe Apr 21 '19 at 20:16
  • Why not just truncate after reduction function? – kelalaka Apr 21 '19 at 20:18

1 Answers1

0

I suspect you're on the wrong road for improving performance. As you seem to suspect, shorter passwords are not related in any useful way to longer passwords. There's no relationship between all passwords that start with a particular letter (assuming the hash function is cryptographic).

The important point is that the 7 character space is 36 times smaller than 8 character space (lowercase alphanumeric), and the 6 character space is 36 times smaller than that. So checking the entire 6 character space costs around 0.1% of the 8 character space, and the smaller spaces are essentially free.

So your performance work should be focused on the per-hash cost. You won't get much benefit by trying to short-cut the shorter password lengths because they represent such a tiny part of the search space.

Rob Napier
  • 286,113
  • 34
  • 456
  • 610