Thegrideon Software. One less reason to worry.

Mixed Password Recovery Attacks

Mixed Attack Example 1

Let's say there is no information about the password except for the charset "0..9A..Za..z" and the fact that the first character is a number and the last one is a capital letter. Let's say the password length is 8 chars.
A brute-force attack for 8 chars with the charset "0..9A..Za..z" means 62^8 passwords to verify.
A 3-part mixed attack:
1) <number> - brute-force, 1 char long, "0..9" charset.
2) <unknown> - 6 chars with "0..9A..Za..z" charset.
3) <cap> - 1 char with "A..Z" charset.
This mixed attack is 10 * 62^6 * 26 passwords. That is just 7% of the full brute-force, with very limited additional information applied.
Example 1 + multi-computer processing:
You can also use mixed attacks to split the task between several PCs. Here is how the first part can be used to split the workload for the example above:
PC1: <number> - brute-force, 1 char long, "0..4" charset.
PC2: <number> - brute-force, 1 char long, "5..9" charset.

Mixed Attack Example 2

Let's say company documents are protected with passwords of the form "<FName><YY><LName>"
(e.g. "John14Smith" or "Fred98Bloggs").
The parts are as follows:
FName - first name: dictionary file.
YY - last 2 digits of the year: brute-force, 2 chars long, "0..9" charset.
LName - last name: dictionary file.

Mixed Attack Example 3

How about the Example 2 passwords, but with the parts divided by underscores: "<FName>_<YY>_<LName>"
(e.g. "John_14_Smith" or "Fred_98_Bloggs")?
Now there are 5 parts:
FName - first name: dictionary file.
Fixed "_"
YY - year: brute-force 2 chars long with "0..9" charset.
Fixed "_"
LName - last name: dictionary file.
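
The keyspace arithmetic behind Examples 1 to 3, as an added example (not Thegrideon code). It only counts candidates; the function names and the 5000-word dictionary sizes are assumptions made for illustration.

```python
from math import log2, prod
import string

ALNUM = string.digits + string.ascii_uppercase + string.ascii_lowercase  # "0..9A..Za..z"

def brute(charset, length):
    """Brute-force part: every string of `length` chars over `charset`."""
    return len(set(charset)) ** length

def keyspace(part_sizes):
    """Parts are independent, so the total is the product of their sizes."""
    return prod(part_sizes)

def split_charset(charset, workers):
    """Cut the first part's charset into contiguous slices, one per PC."""
    base, extra = divmod(len(charset), workers)
    slices, start = [], 0
    for i in range(workers):
        end = start + base + (1 if i < extra else 0)
        slices.append(charset[start:end])
        start = end
    return slices

def example1():
    """Example 1: full brute-force vs. <number><unknown x6><cap>."""
    full = brute(ALNUM, 8)
    mixed = keyspace([brute(string.digits, 1), brute(ALNUM, 6),
                      brute(string.ascii_uppercase, 1)])
    return full, mixed, mixed / full

def example1_per_pc(workers=2):
    """Example 1 split across PCs by slicing the <number> charset."""
    rest = brute(ALNUM, 6) * brute(string.ascii_uppercase, 1)
    return {s: len(s) * rest for s in split_charset(string.digits, workers)}

def example3(first_names=5000, last_names=5000):
    """Example 3: dictionary, fixed "_", YY, fixed "_", dictionary.
    Dictionary sizes are constructed; a fixed part has exactly 1 candidate."""
    return keyspace([first_names, 1, brute(string.digits, 2), 1, last_names])

if __name__ == "__main__":
    full, mixed, ratio = example1()
    print(f"Example 1: {mixed:,} of {full:,} ({ratio:.1%}, {log2(mixed):.1f} bits)")
    for charset, count in example1_per_pc().items():
        print(f'  PC with "{charset}": {count:,}')
    print(f"Example 3: {example3():,} ({log2(example3()):.1f} bits)")
```

Because a fixed part contributes a factor of 1, the underscores in Example 3 leave the count identical to Example 2 for the same dictionaries.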
