Brute-forcing...?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!


TS_Death_Angel
Forum Commoner
Posts: 31
Joined: Sat Dec 31, 2005 8:49 am

Post by TS_Death_Angel »

volka wrote: copying code does not improve skills ;)
It will look entirely different when it's done.
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

Here's to all brave knights that attack windmills :)

TS_Death_Angel: If you go and read some theory on the matter at hand, you'll find more efficient methods and more interesting coding challenges. Blind bruteforcing will just get you nowhere. Okay, there are good things to do with dictionaries, but still there are better solutions for the general problem. Look up rainbow tables.
William
Forum Contributor
Posts: 332
Joined: Sat Oct 25, 2003 4:03 am
Location: New York City

Post by William »

I have always wondered, what would stop someone from doing this:

while($i != 'a') {

$hash[] = md5($i);
$i++;

}

I just put it in an array because I didn't know what else to type up, but if md5 is limited to a 32 bit string, then what would stop someone from just counting up from 0, I'm sure a collision will happen some time... - My thoughts.
bokehman
Forum Regular
Posts: 509
Joined: Wed May 11, 2005 2:33 am
Location: Alicante (Spain)

Post by bokehman »

William wrote: I have always wondered, what would stop someone from doing this.
Well that is the basis of a brute force attack but all you are doing is creating an array. You are not testing anything and you are only producing numbers.

To be honest brute force is rubbish. There are 16^32 (3.4 followed by 38 zeros) combos and it's only possible to check about 100,000 per second. In an average human lifecycle it would be possible to try about 1.7 followed by 14 zeros combos which is just a very small proportion of the total.
Sema
Forum Commoner
Posts: 34
Joined: Fri Sep 03, 2004 12:43 pm
Location: Aalborg, Denmark

Post by Sema »

Currently there are a lot of MD5 hash lookup services on the net, and some of them have big databases with MD5 hashes and the data used to generate the MD5 hash.
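Why the lookup services mentioned in the post above work against plain md5() storage, and what defeats them, shown as an added example that is not part of the original thread. The account names, passwords and the small lookup array are constructed for illustration; password_hash() and password_verify() are PHP's built-in functions (PHP 5.5 and later).

```php
<?php
// Constructed sample data: two accounts that happen to share a password.
$passwords = ['alice' => 'letmein', 'bob' => 'letmein'];

// Unsalted MD5 storage, the scheme this thread is discussing.
$md5Store = array_map('md5', $passwords);

// Identical passwords produce identical digests, so a single
// precomputed entry matches every account that uses that password.
var_dump($md5Store['alice'] === $md5Store['bob']);

// Stand-in for a lookup database: digest => known input (constructed list).
$lookup = [];
foreach (['123456', 'password', 'letmein'] as $word) {
    $lookup[md5($word)] = $word;
}

// The stored digest is found without any brute forcing at all.
var_dump(isset($lookup[$md5Store['alice']]));

// password_hash() adds a random per-password salt and a tunable work factor.
$safeStore = [];
foreach ($passwords as $user => $pw) {
    $safeStore[$user] = password_hash($pw, PASSWORD_DEFAULT);
}

// Same password, different stored strings: a digest => input table
// built in advance cannot contain either of them.
var_dump($safeStore['alice'] === $safeStore['bob']);
var_dump(isset($lookup[$safeStore['alice']]));

// Login checks still work, because the salt is stored inside the hash string.
var_dump(password_verify('letmein', $safeStore['alice']));
var_dump(password_verify('wrong', $safeStore['alice']));
```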
William
Forum Contributor
Posts: 332
Joined: Sat Oct 25, 2003 4:03 am
Location: New York City

Post by William »

bokehman wrote:
William wrote: I have always wondered, what would stop someone from doing this.
Well that is the basis of a brute force attack but all you are doing is creating an array. You are not testing anything and you are only producing numbers.

To be honest brute force is rubbish. There are 16^32 (3.4 followed by 38 zeros) combos and it's only possible to check about 100,000 per second. In an average human lifecycle it would be possible to try about 1.7 followed by 14 zeros combos which is just a very small proportion of the total.
As I posted above, the array was just to give a basic idea of storing the data. I really didn't feel like making a basic storage structure and a search just to ask a simple question, the array was just something to store the values, or I would have been asked why I was just going through a loop. Also, aren't there computers out there that can do more than 100,000 a second?
bokehman
Forum Regular
Posts: 509
Joined: Wed May 11, 2005 2:33 am
Location: Alicante (Spain)

Post by bokehman »

William wrote: Also, aren't there computers out there that can do more than 100,000 a second?
Probably, but not your average PC (which has more power than most servers). Using PHP is not a good choice either for this sort of thing. The other thing is a computer trying to brute force something is completely locked up and can't be used for any other task.
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews

Post by aaronhall »

bokehman wrote: To be honest brute force is rubbish. There are 16^32 (3.4 followed by 38 zeros) combos and it's only possible to check about 100,000 per second.
But wouldn't it be awesome to fill up a 1.09x10^70 byte hard drive?