2009/5/3 Ted Harding Ted.Harding@manchester.ac.uk:
JJ: I'm fairly confident you're not going to get my password, because it's not a natural language word.
Neither is 'a56'
PW: This isn't dependent on any dictionary-based word, it's just trying every permutation of letters and numbers up to 14 characters long.
Yup, brute force crunching.
JJ: Ah, I'm feeling less confident because ...
PW: Ah! There's your password
JJ: Oh!
PW: That took two hundred and ninety seconds of computational time.
Well, my jaw would drop if I believed it!
I find your surprise quite surprising.
Even if the password is case-insensitive, that's 36 letters+numbers to try every "permutation" of. There are 36^14 different 14-character strings where each character can independently be any letter or number. And that's just the full 14-character string -- there's also all the shorter strings as well.
Now, 36^14 is about 10^22, or 10^13 billion, or 10,000 billion billion.
A 1-GHz CPU would take 10,000 billion seconds to execute that number of CPU cycles, or about 300,000 years. So there's no way the guy's password hacker is going to do what he said it would do.
No, that would be a Worst-Case scenario, e.g. if the password was 'ZZZZZZZZZZZZZZ' (and the brute force algorithm did lowercase first then uppercase last).
If your password was 'charlie4567' it would take a lot less time to crack in a sequential brute force attack than the ZZZZZZZZZZZZZZ case.
Also, to do this in code, one would probably not do an attack on the 14 char password in the first instance.
You would most likely do: 'a' 'b' etc. to 'z'
Then 'aa', 'ab', 'ac' and so on.
So if your password was 'gitkip123', you do not have to cover the entire 14 character textspace to find a matching pattern.
Did the people on the programme say what the password is? How long it was?
Srdjan
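
Added example, not part of either poster's message: the arithmetic the thread argues about, computing how far into a shortest-first sweep of the 36-symbol space a given password sits compared with the full 14-character worst case. The ordering (a-z, then 0-9), the rate of one guess per cycle at 1 GHz, and the function names are assumptions made for illustration.

```python
import string

# Assumptions (not from the thread): the sweep tries a-z then 0-9,
# shortest strings first, and makes 1e9 guesses per second, i.e. one
# guess per cycle of the 1-GHz CPU used in the estimate above.
ALPHABET = string.ascii_lowercase + string.digits   # 36 symbols
RATE = 1e9

def keyspace(max_len, base=len(ALPHABET)):
    """Count every string of length 1..max_len over the alphabet."""
    return sum(base ** n for n in range(1, max_len + 1))

def guesses_until(password, alphabet=ALPHABET):
    """1-based position of password in a shortest-first, in-order sweep."""
    base = len(alphabet)
    pw = password.lower()                  # case-insensitive, as in the thread
    if not pw or any(ch not in alphabet for ch in pw):
        raise ValueError("password must be non-empty letters/digits")
    shorter = keyspace(len(pw) - 1, base)  # every shorter string goes first
    rank = 0
    for ch in pw:                          # read pw as a base-36 number
        rank = rank * base + alphabet.index(ch)
    return shorter + rank + 1

def report(passwords, max_len=14, rate=RATE):
    """Rows of (password, guesses, fraction of full keyspace, seconds)."""
    total = keyspace(max_len)
    return [(pw, g, g / total, g / rate)
            for pw in passwords
            for g in [guesses_until(pw)]]

if __name__ == "__main__":
    # Constructed samples: the strings quoted in the thread, plus the last
    # string of the sweep under the assumed ordering.
    samples = ["a56", "gitkip123", "charlie4567", "9" * 14]
    for pw, g, frac, secs in report(samples):
        print(f"{pw:>14}  guesses={g:.3e}  share={frac:.2e}  "
              f"time={secs:.3e} s ({secs / 31_557_600:.3g} years)")
```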