 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
rapion124
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 25 Mar 2007
Posts: 1095
|
 Posted: Fri Dec 12, 2008 2:22 pm Post subject: |
 |
|
You cannot brute force a password for a website in a timely fashion. Even if the password is plain-text, it will take maybe 200ms for you to send the password data to the server, and maybe another 200ms for the response.
That is literally thousands of times slower than brute forcing a local password. Even a P4 can count from 0 to 10^8 and do a "cmp" for each number in less than a minute. |
|
| Back to top |
|
 |
Jorg hi
I post too much
 Reputation: 7
Joined: 24 Dec 2007
Posts: 2276
Location: Minnesota
|
| Posted: Fri Dec 12, 2008 5:34 pm Post subject: |
|
|
| rapion124 wrote: | You cannot brute force a password for a website in a timely fashion. Even if the password is plain-text, it will take maybe 200ms for you to send the password data to the server, and maybe another 200ms for the response.
That is literally thousands of times slower than brute forcing a local password. Even a P4 can count from 0 to 10^8 and do a "cmp" for each number in less than a minute. |
Yes but what if the server was hosted by you?
Edit:I'm a year smarter now.
I mean that what if you send a bruteforcer virus to someones server/pc and it trys to brute force it there but the password/server is encrypted.
_________________
CEF will always stay alive.
Last edited by Jorg hi on Thu Jun 10, 2010 8:05 pm; edited 1 time in total |
|
| Back to top |
|
|
killer1478
Grandmaster Cheater
 Reputation: -1
Joined: 20 Jul 2007
Posts: 845
Location: Watching You Threw My Internet Eye
|
| Posted: Sat Dec 13, 2008 7:37 pm Post subject: |
|
|
D: i used 123456789 and it took 4 ever O:
_________________
^^^CLICK FOR FREE PORN^^^
Killer
RULES! !``
|
|
| Back to top |
|
|
Jonyleeson
Master Cheater
 Reputation: 0
Joined: 03 May 2007
Posts: 484
Location: Hrault, France
|
| Posted: Sun Dec 14, 2008 5:30 pm Post subject: |
|
|
| Jorg hi wrote: | | rapion124 wrote: | You cannot brute force a password for a website in a timely fashion. Even if the password is plain-text, it will take maybe 200ms for you to send the password data to the server, and maybe another 200ms for the response.
That is literally thousands of times slower than brute forcing a local password. Even a P4 can count from 0 to 10^8 and do a "cmp" for each number in less than a minute. |
Yes but what if the server was hosted by you? |
If you're hosting the server, you have direct access to the password.
Sense, you make none. |
|
| Back to top |
|
|
nog_lorp
Grandmaster Cheater
 Reputation: 0
Joined: 26 Feb 2006
Posts: 743
|
| Posted: Tue Dec 16, 2008 3:13 pm Post subject: |
|
|
| Jorg hi wrote: | | Yes but what if you already had the plaintext password and therefore had no reason to use a brute forcer? |
Fixed.
_________________
Mutilated lips give a kiss on the wrist of the worm-like tips of tentacles expanding in my mind
I'm fine accepting only fresh brine you can get another drop of this yeah you wish |
|
| Back to top |
|
|
Jvlaple
Grandmaster Cheater
 Reputation: 0
Joined: 15 Dec 2008
Posts: 768
|
| Posted: Wed Dec 24, 2008 10:39 pm Post subject: |
|
|
| Lol its made in GameMaker xD |
|
| Back to top |
|
|
kitterz
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 24 Dec 2007
Posts: 1268
|
| Posted: Wed Dec 24, 2008 10:54 pm Post subject: |
|
|
So...does this work or not? =/
_________________
|
|
| Back to top |
|
|
Jvlaple
Grandmaster Cheater
Reputation: 0
Joined: 15 Dec 2008
Posts: 768
|
| Posted: Thu Dec 25, 2008 7:42 am Post subject: |
|
|
| kitterz wrote: | | So...does this work or not? =/ |
work , but extremely slow due to interpretation by GMKER -_- |
|
| Back to top |
|
|
Jorg hi
I post too much
Reputation: 7
Joined: 24 Dec 2007
Posts: 2276
Location: Minnesota
|
|
| Back to top |
|
|
nog_lorp
Grandmaster Cheater
Reputation: 0
Joined: 26 Feb 2006
Posts: 743
|
| Posted: Thu Dec 25, 2008 2:51 pm Post subject: |
|
|
Sigh...
_________________
Mutilated lips give a kiss on the wrist of the worm-like tips of tentacles expanding in my mind
I'm fine accepting only fresh brine you can get another drop of this yeah you wish |
|
| Back to top |
|
|
Jorg hi
I post too much
Reputation: 7
Joined: 24 Dec 2007
Posts: 2276
Location: Minnesota
|
|
| Back to top |
|
|
92Garfield
I'm a spammer
 Reputation: 57
Joined: 20 Dec 2007
Posts: 5871
Location: Banana Republic Germany
|
| Posted: Thu Jan 01, 2009 9:36 am Post subject: |
 |
|
Does this only count up? 
_________________
|
|
| Back to top |
|
|
Jorg hi
I post too much
Reputation: 7
Joined: 24 Dec 2007
Posts: 2276
Location: Minnesota
|
| Posted: Thu Jun 10, 2010 8:05 pm Post subject: |
|
|
| Jonyleeson wrote: | | Jorg hi wrote: | | rapion124 wrote: | You cannot brute force a password for a website in a timely fashion. Even if the password is plain-text, it will take maybe 200ms for you to send the password data to the server, and maybe another 200ms for the response.
That is literally thousands of times slower than brute forcing a local password. Even a P4 can count from 0 to 10^8 and do a "cmp" for each number in less than a minute. |
Yes but what if the server was hosted by you? |
If you're hosting the server, you have direct access to the password.
Sense, you make none. |
_________________
CEF will always stay alive. |
|
| Back to top |
|
|
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Thu Jun 10, 2010 9:47 pm Post subject: |
|
|
Nobody seems to have noticed the fallacy rapion124 has made there. He assumes that a bruteforcer has to run in a single thread and has to wait for a reply to each request before making the next one. The fact of the matter is you could have hundreds of threads. And have them all synchronise in such a way that they all try different passwords. All the threads run concurrently so waiting for a reply is not an issue.
As for counting and comparing in less than a minute. loooollll
| Code: | include \masm32\include\masm32rt.inc
.code
start:
xor ebx, ebx
invoke AllocConsole
invoke GetTickCount
mov esi, eax
mov eax, 100000000 ; 10^8
@@:
cmp eax, 1
dec eax
test eax, eax
jnz @b
invoke GetTickCount
sub eax, esi
print ustr$(eax)
@@:
invoke Sleep, 100
invoke crt__kbhit
test eax, eax
jz @b
invoke FreeConsole
invoke ExitProcess, ebx
end start |
I count 78ms on my machine. I little shorter than a minute  |
|
| Back to top |
|
|
hcavolsdsadgadsg
I'm a spammer
![]() Reputation: 26
Joined: 11 Jun 2007
Posts: 5801
|
| Posted: Thu Jun 10, 2010 10:40 pm Post subject: |
|
|
brute forcing becomes an effort in futility very quickly as the password strength ramps up.
a strong enough password will easily outlast your lifetime regardless of what kind of horsepower you throw at it.
something like a 512 bit password probably results in a number of possibilities bigger than the number of known stars in the observable universe or some shit. it's effectively uncrackable, you'll never survive to see the outcome.
ܨ?쵩I[No0ΝF7z<?q7}ì"e?õpbnW=?R}=:?
this alone would probably never be figured out.
at that level of complexity, number of potential combinations is ridiculous.
if my math is right:
2,772,669,690,
000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,
000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000
so assuming you're managing 100 trillion attempts a day, in one hundred years, you would have managed to plow out
100 trillion a day:
3,650,000,000,000,000,000 of those possibilities.
100 trillion a second:
315,360,000,000,000,000,000,000
needless to say, LAFF.
Last edited by hcavolsdsadgadsg on Thu Jun 10, 2010 11:37 pm; edited 3 times in total |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
