PHP crypt task

Question

PHP crypt task

A friend gave me a call: he encrypted the string using the PHP crypt function (CRYPT_STD_DES) (from PHP4). I know the salt used for encryption, and since crypt is a one-way algorithm, I have to use brute force, and I know that passwords are only lowercase.

Now I have a machine with 16 cores (2x Xeon) and a lot of RAM. The most effective way to implement this power attack (I assume that I have to use PHP, which is not entirely normal, but if anyone has any ideas ...)

[EDIT]

And I forgot to mention, the encrypted view is 13chars long, and the string is less than 8 letters, like a simple password encryption :)

+3

php brute-force encryption

canni Sep 29 '10 at 0:20

source share

3

PHP:

crypt() , Unix DES- , .
. , DES- MD5 . . 5.3, PHP (). , PHP (DES) (MD5), MD5

, crypt() crypt() C. .

-, . PHP , . , Cane Abel Jack the Ripper, , .

-, , . , , , , , ( - ).

PHP , , .

+2

stevendesu 29 . '10 0:28

(, , ) , , , ( John the Ripper).

+1

Tgr 29 . '10 0:33

source share

Ring Ø · Accepted Answer · 2010-09-29T08:19:00+0000

C ( gcc -O2 -lcrypt)
Ubuntu 10.04.1

  #define _XOPEN_SOURCE
  #include <unistd.h>
  #include <stdio.h>
  #include <stdlib.h>

  void inc(char *p)
  {
     int i;
     for (i=0 ; i<8 && p[i]=='z' ; i++);
     if (i >= 8) exit(printf("Not found :-(\n"));
     if (!p[i]) p[i]='a';
     else p[i]++;
     while (--i >= 0) p[i]='a';
  }

  int main ()
  {
    char *salt = "XY";
    char *buzz = "XYaAbBcCZ0123";

    char pass[] = { 'a',0,0,0,0,0,0,0,0 };

    while(1)
      if ( ! strcmp(crypt(pass, salt), buzz))
        exit(printf("Found %s :-)\n", pass));
      else
        inc(pass);
  }

(2.10 ^ 11 ) , , "a" "gzzzzzzz", - "haaaaaaa" "nzzzzzzz" " .., .

PHP crypt task

More articles: