php crypt brute force...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
zurich
Forum Newbie
Posts: 3
Joined: Sat Oct 24, 2009 5:33 pm

php crypt brute force...

Post by zurich »

Hi guys,

A guy at work gave me a challenge: simple task.

I have a php crypt() hash, example: 1j3c5JNdu4gxU
I know the salt which was used: 1jtest

I need to reverse the crypt function to find the original password.
I know crypt is not reversible, and hence therefore need to brute force. I know that crypt() only uses max. 8 characters.

So:
1-8 characters. Salt known.

I have tried to write a for(for(for(xxxxx))) to generate the different hashes, but its too hard for my PC to handle..
Do you guys have any suggestions on how to optimize the process? is there any weaknesses in php crypt() that can be used? or do I just need a supercomputer to do the math for me??

Thanks in avance.
Mark Baker
Forum Regular
Posts: 710
Joined: Thu Oct 30, 2008 6:24 pm

Re: php crypt brute force...

Post by Mark Baker »

Are you sure this isn't a rigged challenge. I'm not aware of any hash algorithm that returns a 13-character hash value
zurich
Forum Newbie
Posts: 3
Joined: Sat Oct 24, 2009 5:33 pm

Re: php crypt brute force...

Post by zurich »

hmmm, seems quite right in my mind, example:

Code: Select all

 
$var = crypt("devnetwo", "1jtest");
echo "var: ".$var."<br><br>";
 
returns:

Code: Select all

 
var: 1jM4aEf1ozZdQ
 
which is 13 characters....
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: php crypt brute force...

Post by requinix »

crypt() can generate 13 character hashes.

There is no reverse-crypt() function. Doesn't exist. Can't exist. All you can do is brute-force it: guess a string, crypt() it, and compare the hashes.

There are weaknesses to every encryption and hashing function, but for a "simple task" it'll take you a lot of work.

A suggestion: if you manage to break crypt(), publish the results. You'll become famous.
zurich
Forum Newbie
Posts: 3
Joined: Sat Oct 24, 2009 5:33 pm

Re: php crypt brute force...

Post by zurich »

he he... ;-)

I know its irreversible, hence no easy solution.. but I just thought that someone knew how to break down the problem into minor bits so that the cpu workload would be greatly reduced. But guess I should search for a way to borrow time on a supercomputer somewhere and then produce the function to create all posible text-combinations; crypt() them one at a time and do a comparison...

these guys talk about doing it recursively: http://stackoverflow.com/questions/361/ ... f-a-string

could be an approch, my original idea was to do it in 8 nested for() loops... however no matter what I need to enforce some kind of way to monitor the progress as it could take days (haven't calculated on the amount of different values yet).
Post Reply