Hi guys,
A guy at work gave me a challenge: simple task.
I have a php crypt() hash, example: 1j3c5JNdu4gxU
I know the salt which was used: 1jtest
I need to reverse the crypt function to find the original password.
I know crypt is not reversible, and hence therefore need to brute force. I know that crypt() only uses max. 8 characters.
So:
1-8 characters. Salt known.
I have tried to write a for(for(for(xxxxx))) to generate the different hashes, but its too hard for my PC to handle..
Do you guys have any suggestions on how to optimize the process? is there any weaknesses in php crypt() that can be used? or do I just need a supercomputer to do the math for me??
Thanks in avance.
php crypt brute force...
Moderator: General Moderators
-
Mark Baker
- Forum Regular
- Posts: 710
- Joined: Thu Oct 30, 2008 6:24 pm
Re: php crypt brute force...
Are you sure this isn't a rigged challenge. I'm not aware of any hash algorithm that returns a 13-character hash value
Re: php crypt brute force...
hmmm, seems quite right in my mind, example:
returns:
which is 13 characters....
Code: Select all
$var = crypt("devnetwo", "1jtest");
echo "var: ".$var."<br><br>";
Code: Select all
var: 1jM4aEf1ozZdQ
Re: php crypt brute force...
crypt() can generate 13 character hashes.
There is no reverse-crypt() function. Doesn't exist. Can't exist. All you can do is brute-force it: guess a string, crypt() it, and compare the hashes.
There are weaknesses to every encryption and hashing function, but for a "simple task" it'll take you a lot of work.
A suggestion: if you manage to break crypt(), publish the results. You'll become famous.
There is no reverse-crypt() function. Doesn't exist. Can't exist. All you can do is brute-force it: guess a string, crypt() it, and compare the hashes.
There are weaknesses to every encryption and hashing function, but for a "simple task" it'll take you a lot of work.
A suggestion: if you manage to break crypt(), publish the results. You'll become famous.
Re: php crypt brute force...
he he... 
I know its irreversible, hence no easy solution.. but I just thought that someone knew how to break down the problem into minor bits so that the cpu workload would be greatly reduced. But guess I should search for a way to borrow time on a supercomputer somewhere and then produce the function to create all posible text-combinations; crypt() them one at a time and do a comparison...
these guys talk about doing it recursively: http://stackoverflow.com/questions/361/ ... f-a-string
could be an approch, my original idea was to do it in 8 nested for() loops... however no matter what I need to enforce some kind of way to monitor the progress as it could take days (haven't calculated on the amount of different values yet).
I know its irreversible, hence no easy solution.. but I just thought that someone knew how to break down the problem into minor bits so that the cpu workload would be greatly reduced. But guess I should search for a way to borrow time on a supercomputer somewhere and then produce the function to create all posible text-combinations; crypt() them one at a time and do a comparison...
these guys talk about doing it recursively: http://stackoverflow.com/questions/361/ ... f-a-string
could be an approch, my original idea was to do it in 8 nested for() loops... however no matter what I need to enforce some kind of way to monitor the progress as it could take days (haven't calculated on the amount of different values yet).