Bitcoin Forum>Bitcoin>Bitcoin Discussion
Pages:
Author

Topic: Password cracking? (Read 2802 times)

SimpleIn
member
Activity: 84
Merit: 10
Password cracking?
August 22, 2015, 04:16:53 PM
#24
Quote from: seoincorporation on June 27, 2015, 08:32:13 AM
Quote from: ClamCoin on June 26, 2015, 01:52:52 PM
Quote from: seoincorporation on June 26, 2015, 01:49:28 PM
Quote from: ClamCoin on June 26, 2015, 10:31:25 AM
How do people crack passwords with bitcoin miners lika antminers s5? And how can I prevent my account from being cracked?

Anyone got knowledge of this?

To crack passwords people can use brute force attacks with software like John the Ripper;

https://en.wikipedia.org/wiki/John_the_Ripper

and to avoid get cracked you can use a complex password, something like:

Quote
Asd3422Gf//$X1

I used burpsuite to crack my own account but it only makes 1 guess per second. To see how password cracking works, but i read it does million per second, so it is far away from that.

1/s is really slow = 3600/hour

At last brute force can take for ever if the password is complex. You can find on the net a great common passwords list called mil-dic.txt:

https://code.google.com/p/mangos-crack/source/browse/trunk/dict/mil-dic.txt?r=11

How do you know that the password difficult enough?
fran2k
hero member
Activity: 784
Merit: 500
Re: Password cracking?
August 22, 2015, 11:29:41 AM
#23
Quote from: btcdealer on August 04, 2015, 10:41:41 PM
Quote from: ClamCoin on June 26, 2015, 10:31:25 AM
How do people crack passwords with bitcoin miners lika antminers s5? And how can I prevent my account from being cracked?

Anyone got knowledge of this?
Never heard of password cracking with the help of bitcoin miner... Huh Huh

It was possible when a Bitcoin miner was a GPU rig.  Wink
btcdealer
full member
Activity: 206
Merit: 100
Re: Password cracking?
August 04, 2015, 10:41:41 PM
#22
Quote from: ClamCoin on June 26, 2015, 10:31:25 AM
How do people crack passwords with bitcoin miners lika antminers s5? And how can I prevent my account from being cracked?

Anyone got knowledge of this?
Never heard of password cracking with the help of bitcoin miner... Huh Huh
dblink
sr. member
Activity: 252
Merit: 250
Re: Password cracking?
June 27, 2015, 01:13:58 PM
#21
Quote from: ClamCoin on June 26, 2015, 10:31:25 AM
How do people crack passwords with bitcoin miners lika antminers s5? And how can I prevent my account from being cracked?
Anyone got knowledge of this?
There is no such thing called cracking passwords with bitcoin mining and transactions, it is matter of leaking your account details and personal information to the untrusted trading partners, If you wanna really know about the details and hashing of cracking passwords, you should take the Ethical hacking lessons and course in an IT Networking field.
ticoti
hero member
Activity: 854
Merit: 1000
Re: Password cracking?
June 27, 2015, 01:01:52 PM
#20
What passwords do you mean? wallet passwords?

for wallet passwords gpu or cpu can be used with btcrecover
satnof
newbie
Activity: 28
Merit: 0
Re: Password cracking?
June 27, 2015, 11:30:40 AM
#19
the way it's done is using pregenerated rainbow tables. It takes seconds once you have the whole hash space. Nobody uses brute-force in this day and age. You can download them for free at freerainbowtables.com, they're several Gigs big, but basically you can crack any hash with them.
seoincorporation
legendary
Activity: 3388
Merit: 3154
Re: Password cracking?
June 27, 2015, 08:32:13 AM
#18
Quote from: ClamCoin on June 26, 2015, 01:52:52 PM
Quote from: seoincorporation on June 26, 2015, 01:49:28 PM
Quote from: ClamCoin on June 26, 2015, 10:31:25 AM
How do people crack passwords with bitcoin miners lika antminers s5? And how can I prevent my account from being cracked?

Anyone got knowledge of this?

To crack passwords people can use brute force attacks with software like John the Ripper;

https://en.wikipedia.org/wiki/John_the_Ripper

and to avoid get cracked you can use a complex password, something like:

Quote
Asd3422Gf//$X1

I used burpsuite to crack my own account but it only makes 1 guess per second. To see how password cracking works, but i read it does million per second, so it is far away from that.

1/s is really slow = 3600/hour

At last brute force can take for ever if the password is complex. You can find on the net a great common passwords list called mil-dic.txt:

https://code.google.com/p/mangos-crack/source/browse/trunk/dict/mil-dic.txt?r=11
ClamCoin
sr. member
Activity: 448
Merit: 250
Re: Password cracking?
June 26, 2015, 01:52:52 PM
#17
Quote from: seoincorporation on June 26, 2015, 01:49:28 PM
Quote from: ClamCoin on June 26, 2015, 10:31:25 AM
How do people crack passwords with bitcoin miners lika antminers s5? And how can I prevent my account from being cracked?

Anyone got knowledge of this?

To crack passwords people can use brute force attacks with software like John the Ripper;

https://en.wikipedia.org/wiki/John_the_Ripper

and to avoid get cracked you can use a complex password, something like:

Quote
Asd3422Gf//$X1

I used burpsuite to crack my own account but it only makes 1 guess per second. To see how password cracking works, but i read it does million per second, so it is far away from that.
seoincorporation
legendary
Activity: 3388
Merit: 3154
Re: Password cracking?
June 26, 2015, 01:49:28 PM
#16
Quote from: ClamCoin on June 26, 2015, 10:31:25 AM
How do people crack passwords with bitcoin miners lika antminers s5? And how can I prevent my account from being cracked?

Anyone got knowledge of this?

To crack passwords people can use brute force attacks with software like John the Ripper;

https://en.wikipedia.org/wiki/John_the_Ripper

and to avoid get cracked you can use a complex password, something like:

Quote
Asd3422Gf//$X1
lite
legendary
Activity: 1400
Merit: 1009
Re: Password cracking?
June 26, 2015, 01:45:36 PM
#15
Quote from: ClamCoin on June 26, 2015, 11:50:17 AM
Quote from: photon_coin on June 26, 2015, 11:11:35 AM
for general pw cracking hashcat is pretty good http://hashcat.net/oclhashcat/

It will not help you crack a bitcoin wallet or priv keys though.
I dont want to hack anything, i am just curious how people did it on this forum.
Forum was hacked by a method called social engineering. If you want to crack password buy powerful GPUs and use oclhashcat.
dothebeats
legendary
Activity: 3542
Merit: 1352
Re: Password cracking?
June 26, 2015, 01:40:54 PM
#14
Quote from: ClamCoin on June 26, 2015, 10:31:25 AM
How do people crack passwords with bitcoin miners lika antminers s5? And how can I prevent my account from being cracked?

Anyone got knowledge of this?

What passwords and accounts are you referring to? If it is about the forum, there are several ways to prevent your account from being compromised like generating a strong password (usually 15 characters or more are enough, but common words or phrases can be easily guessed by attackers). Also, bitcoin miners cannot in any way crack any passwords as far as I know.

Quote from: digicoinuser on June 26, 2015, 01:40:06 PM
I've never heard of password cracking with miners but passwords are generally hard to crack past 12 chars unless formed with one word.

Agreed, 12 char passwords or more cannot be easily cracked if it's unintelligible or made up of different combinations of letters, numbers and/or symbols. If it is a phrase or a group of words, it can be easily guessed by an attacker within hours or minutes.
digicoinuser
legendary
Activity: 2702
Merit: 1072
Re: Password cracking?
June 26, 2015, 01:40:06 PM
#13
I've never heard of password cracking with miners but passwords are generally hard to crack past 12 chars unless formed with one word.
RaginglikeaBoss
sr. member
Activity: 302
Merit: 250
Never before 11 P.M.
Re: Password cracking?
June 26, 2015, 01:05:32 PM
#12
Quote from: Next BillGates on June 26, 2015, 12:59:12 PM
Quote from: --Encrypted-- on June 26, 2015, 12:02:37 PM
Quote from: ClamCoin on June 26, 2015, 11:50:17 AM
Quote from: photon_coin on June 26, 2015, 11:11:35 AM
for general pw cracking hashcat is pretty good http://hashcat.net/oclhashcat/

It will not help you crack a bitcoin wallet or priv keys though.
I dont want to hack anything, i am just curious how people did it on this forum.

phishing sites, keyloggers, hacker attacks, brute force (not sure about this one), and evil friends.. did I miss something?

You missed recent attack, Social Engineering.

The rare post by a newbie account that makes sense.

It is far, far easier to crack "social recovery" methods then it is to crack SHA-256.

Then again, that makes the assumption SHA-256 is used to encrypt this information.  Most websites using this format use 128-bit encryption.  Do the math.
Next BillGates
full member
Activity: 235
Merit: 100
Re: Password cracking?
June 26, 2015, 12:59:12 PM
#11
Quote from: --Encrypted-- on June 26, 2015, 12:02:37 PM
Quote from: ClamCoin on June 26, 2015, 11:50:17 AM
Quote from: photon_coin on June 26, 2015, 11:11:35 AM
for general pw cracking hashcat is pretty good http://hashcat.net/oclhashcat/

It will not help you crack a bitcoin wallet or priv keys though.
I dont want to hack anything, i am just curious how people did it on this forum.

phishing sites, keyloggers, hacker attacks, brute force (not sure about this one), and evil friends.. did I miss something?

You missed recent attack, Social Engineering.
--Encrypted--
copper member
Activity: 924
Merit: 1007
hee-ho.
Re: Password cracking?
June 26, 2015, 12:37:55 PM
#10
Quote from: ClamCoin on June 26, 2015, 12:20:04 PM
Quote from: --Encrypted-- on June 26, 2015, 12:02:37 PM
Quote from: ClamCoin on June 26, 2015, 11:50:17 AM
Quote from: photon_coin on June 26, 2015, 11:11:35 AM
for general pw cracking hashcat is pretty good http://hashcat.net/oclhashcat/

It will not help you crack a bitcoin wallet or priv keys though.
I dont want to hack anything, i am just curious how people did it on this forum.

phishing sites, keyloggers, hacker attacks, brute force (not sure about this one), and evil friends.. did I miss something?
Xss, cross site scripting?

I think XSS pretty much falls into the hacker attacks category. tho I'm sure we're save from XSS.
ClamCoin
sr. member
Activity: 448
Merit: 250
Re: Password cracking?
June 26, 2015, 12:20:04 PM
#9
Quote from: --Encrypted-- on June 26, 2015, 12:02:37 PM
Quote from: ClamCoin on June 26, 2015, 11:50:17 AM
Quote from: photon_coin on June 26, 2015, 11:11:35 AM
for general pw cracking hashcat is pretty good http://hashcat.net/oclhashcat/

It will not help you crack a bitcoin wallet or priv keys though.
I dont want to hack anything, i am just curious how people did it on this forum.

phishing sites, keyloggers, hacker attacks, brute force (not sure about this one), and evil friends.. did I miss something?
Xss, cross site scripting?
--Encrypted--
copper member
Activity: 924
Merit: 1007
hee-ho.
Re: Password cracking?
June 26, 2015, 12:02:37 PM
#8
Quote from: ClamCoin on June 26, 2015, 11:50:17 AM
Quote from: photon_coin on June 26, 2015, 11:11:35 AM
for general pw cracking hashcat is pretty good http://hashcat.net/oclhashcat/

It will not help you crack a bitcoin wallet or priv keys though.
I dont want to hack anything, i am just curious how people did it on this forum.

phishing sites, keyloggers, hacker attacks, brute force (not sure about this one), and evil friends.. did I miss something?
Next BillGates
full member
Activity: 235
Merit: 100
Re: Password cracking?
June 26, 2015, 11:56:13 AM
#7
Quote from: belmonty on June 26, 2015, 11:44:58 AM
After this forum got hacked theymos, the guy who runs this forum, posted this information about how long it would take the hacker to recover a password from the hash of it that he stole. If the password consists of normal words it's possible. If the password consists of 12 random characters it would take 260 years to crack one password.

I don't know what software or equipment people use to crack passwords but you can prevent your account from being hacked if you make sure your password consists of 15 or more random characters like numbers, upper and lower case letters, and special characters.

Quote from: theymos on May 25, 2015, 09:39:49 AM
...

The following table shows how long it will take on average for a rather powerful attacker to recover RANDOM passwords using current technology, depending on the password's alphabet and length. If your password is not completely random (ie. generated with the help of dice or a computer random number generator), then you should assume that your password is already broken.

It is not especially helpful to turn words into leetspeak or put stuff between words. If you have a password like "w0rd71Voc4b", then you should count that as just 2 words to be safe. In reality, your extra stuff will slow an attacker down, but the effect is probably much less than you'd think. Again, the times listed in the table only apply if the words were chosen at random from a word list. If the words are significant in any way, and especially if they form a grammatical sentence or are a quote from a book/webpage/article/etc., then you should consider your password to be broken.

Code:
Estimated time (conservative) for an attacker to break randomly-constructed
bitcointalk.org passwords with current technology

s=second; m=minute; h=hour; d=day; y=year; ky=1000 years; My=1 million years

Password length  a-z  a-zA-Z  a-zA-Z0-9  
              8    0      3s        12s              2m
              9    0      2m        13m              3h
             10   8s      2h        13h             13d
             11   3m      5d        34d              1y
             12   1h    261d         3y            260y
             13   1d     37y       366y            22ky
             14  43d   1938y       22ky             1My
             15   1y   100ky        1My           160My
-------------------------------------------------------
         1 word  0
        2 words  0
        3 words  0
        4 words  3m
        5 words  19d
        6 words  405y
        7 words  3My

......

I think he's mentioned that some highly configured computer will crack like above said. But, what about super computers? Might enough half or less than half of the time taken by highly configured computers.

And no idea about cracking passwords with bitcoin miners. Let me ask it at HF.
ClamCoin
sr. member
Activity: 448
Merit: 250
Re: Password cracking?
June 26, 2015, 11:50:17 AM
#6
Quote from: photon_coin on June 26, 2015, 11:11:35 AM
for general pw cracking hashcat is pretty good http://hashcat.net/oclhashcat/

It will not help you crack a bitcoin wallet or priv keys though.
I dont want to hack anything, i am just curious how people did it on this forum.
belmonty
sr. member
Activity: 295
Merit: 250
Re: Password cracking?
June 26, 2015, 11:44:58 AM
#5
After this forum got hacked theymos, the guy who runs this forum, posted this information about how long it would take the hacker to recover a password from the hash of it that he stole. If the password consists of normal words it's possible. If the password consists of 12 random characters it would take 260 years to crack one password.

I don't know what software or equipment people use to crack passwords but you can prevent your account from being hacked if you make sure your password consists of 15 or more random characters like numbers, upper and lower case letters, and special characters.

Quote from: theymos on May 25, 2015, 09:39:49 AM
...

The following table shows how long it will take on average for a rather powerful attacker to recover RANDOM passwords using current technology, depending on the password's alphabet and length. If your password is not completely random (ie. generated with the help of dice or a computer random number generator), then you should assume that your password is already broken.

It is not especially helpful to turn words into leetspeak or put stuff between words. If you have a password like "w0rd71Voc4b", then you should count that as just 2 words to be safe. In reality, your extra stuff will slow an attacker down, but the effect is probably much less than you'd think. Again, the times listed in the table only apply if the words were chosen at random from a word list. If the words are significant in any way, and especially if they form a grammatical sentence or are a quote from a book/webpage/article/etc., then you should consider your password to be broken.

Code:
Estimated time (conservative) for an attacker to break randomly-constructed
bitcointalk.org passwords with current technology

s=second; m=minute; h=hour; d=day; y=year; ky=1000 years; My=1 million years

Password length  a-z  a-zA-Z  a-zA-Z0-9  
              8    0      3s        12s              2m
              9    0      2m        13m              3h
             10   8s      2h        13h             13d
             11   3m      5d        34d              1y
             12   1h    261d         3y            260y
             13   1d     37y       366y            22ky
             14  43d   1938y       22ky             1My
             15   1y   100ky        1My           160My
-------------------------------------------------------
         1 word  0
        2 words  0
        3 words  0
        4 words  3m
        5 words  19d
        6 words  405y
        7 words  3My

......
Pages:
Bitcoin Forum>Bitcoin>Bitcoin Discussion
Jump to: