Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
T
T
timur1022018-07-02 16:10:31
Mathematics
timur102, 2018-07-02 16:10:31

How many passwords + rainbow-tables can there be?

For example, I have already intercepted handshakes with the aircrack-ng utility (or rather airodump-ng).
I have a .cap file. I wondered how many password options there could be, but because I don’t know combinatorics well, I would like to make sure that I think correctly.
32 *2 (Cyrillic = lower and upper case) + 26*2 (Latin = lower and upper case) +

. , ! @ # $ % ^ & * ( ) _ - + = / " ' № : ? < > { } [ ]
28 (didn't forget anything?) + 10 (digits) = 154
So the options for an 8-digit password are 154^8 = 316348490636206336
Usually passwords make 8 - 16 characters.
c = sum([154**i for i in range(8,17)])
print(c)

It turns out: 100730461433216424107205973413148416. 36 digit number.
My video card can sort out, for example, 50,000 passwords / s.
In total it will take 2.0146092286643285e+30 seconds.
sec = c/50000.0
Or 5.5961367462898016e+26 hours or 2.331723644287417e+25 days (that's how long they live?)
Now the questions are: did I count everything correctly? Does it make sense to sort out passwords in this way?
There are also rainbow-tables. Do they speed things up?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
L
Lander, 2018-07-02
@timur102

I did not check the received numbers, but the message is correct.
Here you have answered your own question. :)
Brute force is a very reliable attack (it always works sooner or later), but an extremely inefficient attack. :)

Report
M
Mercury13, 2018-07-02
@Mercury13

1. What is a rainbow table? Once computed, it is reused by others for the "reverse hash" task.
2. Wi-Fi uses two parameters: ANonce and a password - so we have a challenge-response protocol designed specifically to make rainbow tables impractical - a hacking problem solved for one session will not help to hack another.
3. So how much to break? If you are trying to hack into someone else's network and put reasonable limits on someone else's password, you are. If you are setting up a security policy, it is better to take into account only the shortest of the options: if the limit is 8 ... 24 characters, then take exactly 8 for calculations.

Similar questions
J
Jesu0s2020-07-09 23:28:45
How to predict a variable as close as possible, but not larger than it? 1Reply
R
Roman Nazarkin2013-11-25 19:01:52
How to calculate a certain number from Pi? 1Reply
A
Andrew Foy2021-10-16 15:31:24
How to learn to understand geometry? 2Reply
V
VsevolodKrupsky2013-11-29 19:31:57
Are there any equivalents of Sympy for JavaScript 2Reply
M
moem2018-07-26 13:19:59
How much can the length of the unique key string be reduced by using a 32-character alphabet instead of 16-decimal digits? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question