Cracking Passwords: A Real-Life Brainteaser

In summary, the poster has a large number of passwords, many of which they don't use very often, and they keep them all written down in a text file on their computer. The code used to encrypt the passwords is simple and was created in 10 seconds. A friend of the poster guessed the principle the code was based on, but didn't crack the passwords completely. Anyone wanting to crack the passwords would need a lot of effort and would need to know the code.
  • #1
Pi
Here's a real-life brainteaser for you!

I have a large number of passwords nowadays, many of which I very rarely use so I can't remember them myself. I don't like to use a software password manager, so I keep them all written in a text file on my pc - all encrypted of course. The code I use is fairly simple though, just something I thought up in 10 seconds, and I was slightly disturbed to see how quickly a mate of mine guessed the principle it was based on, although he didn't crack it completely.

I'm interested to know how quickly it can be cracked with a moderate amount of effort from an intelligent non-expert. So here's a sample of my password file - go to it! The first person to crack them wins respect and a pat on the back.

NB: Obviously, I'm not telling you what these passwords are for, or what the usernames to go with them are. They don't include passwords for accounts where you will be able to get credit card details, access my email etc, and they don't include my physicsforums.com password - they're just the boring accounts which I'd be willing to risk losing.

ttg]jy]h
t;i]u#frkdi]i
10132634042
48518963
6899774619
[;iz/yfv/s
,q][.'ty]#0
46195739
.u9p2cqz.p Note slightly extended code due to non-standard characters
']uv[w;;ksyq
qtfc]a['l
ggyhyw]c#yng
iy.eggyhyw]c
khf'g\fw
m]uhfv[r/
4943749598633936
[[k#twgttu/d (clue: hthy) capitals at beginnings of lines
q'mv+'fie!
v0uy3c6
/;hxfgyq title capitalisation
nrqth'ir.w
/;buf#he
 
  • #2
Are these simply hashes or individual, unencrypted passwords?

Edit: I guess if they are encrypted then, we are simply looking at some hashes for an unknown cypher.

I don't understand what exactly you are wanting. Are you wanting us to decrypt the hashes and give you the cyphertext for each of the hashes? If so, it's computationally infeasible for anyone here. We don't know the cypher method first of all, which increases the work factor significantly. Sounds like you're wanting us to do something illegal. :rofl:
 
  • #3
They're encrypted passwords, all encrypted in the same way. One thing I should probably have mentioned is that you'll know when you get them right, because at least some of them will contain English words.
 
  • #4
How do we know these passwords are actually yours and not a shadowed-passwd file you ripped off someone's system? If I were to engage in this, I could be an accessory to breaking a law.
 
  • #5
graphic7 said:
How do we know these passwords are actually yours and not a shadowed-passwd file you ripped off someone's system? If I were to engage in this, I could be an accessory to breaking a law.

Because if it's a shadow file, then we'll never crack the code. I'm guessing it's some sort of keyboard cypher.
 
  • #6
If it is, that still doesn't answer the legality issue of this. But like you said, if it were a shadow file, we couldn't crack it. For the most part that's true, but it could have been "shadowed" with DES or MD4 for example which in certain cases can be exploited (most likely not by us).
 
  • #7
Yes, I'm asking for the cyphertext. I know that would be an ill-posed problem if I was just asking you to guess some arbitrary function, but here's some additional info: I encrypted the passwords in a very lazy way without using a computer or any modern cryptography techniques, and once you know the code it's easy to read them without a computer. The encrypted passwords retain a lot of the structure of the originals. The unencrypted text is notes to myself about the passwords - I've given it to you as if you found the file on my computer.

This isn't a question about factorising enormous numbers or getting a supercomputer to ruminate on the problem for hours. The way to do it is to use a bit of psychology, look for whatever patterns you can see, and try a few things out. Maybe it's still not possible, in which case I'll be reassured, but I reckon it's only about 1 order of magnitude harder than decoding puzzles you see in children's puzzle books.

As to it being illegal.. you don't believe they're really my passwords? :) Fair enough. I've set up a physicsforums account called "Pie" with the password
nh]rheh;o
Once you log into that, it will prove I know the code myself.
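
The structure that post #7 says survives the encoding can be measured on the posted sample without knowing the code. This is an added example, not part of the original thread: the entries are copied from the first post, the function names are illustrative, and nothing is assumed about the cipher itself.

```python
from itertools import combinations

# Entries copied from the sample in the first post (a subset).
SAMPLE = [
    "ttg]jy]h",
    "10132634042",
    "48518963",
    "ggyhyw]c#yng",
    "iy.eggyhyw]c",
    "khf'g\\fw",
]

def class_shape(entry):
    """Collapse an entry to character classes: d=digit, a=letter, p=other."""
    return "".join(
        "d" if ch.isdigit() else "a" if ch.isalpha() else "p" for ch in entry
    )

def longest_common_substring(a, b):
    """Dynamic programme over both strings; returns the longest shared run."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]

def shared_fragments(entries, min_len=4):
    """Map each fragment of min_len+ characters shared by two entries
    to the entries that contain it."""
    found = {}
    for a, b in combinations(entries, 2):
        frag = longest_common_substring(a, b)
        if len(frag) >= min_len:
            found.setdefault(frag, set()).update((a, b))
    return {frag: sorted(owners) for frag, owners in found.items()}

if __name__ == "__main__":
    for entry in SAMPLE:
        print(f"{entry:14} {class_shape(entry)}")
    for frag, owners in shared_fragments(SAMPLE).items():
        print(f"shared fragment {frag!r} in {owners}")
```

Since post #3 says every entry is encoded the same way, an identical fragment in two stored entries suggests the two passwords share a component, which is visible to anyone who reads the file before any decoding is attempted.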
 
  • #8
Well, I guess you've validated yourself. Cryptography laws are rather harsh in the United States, and I wouldn't want to be subject to that jurisdiction ;) . I'm going to fiddle around with it.
 
  • #9
graphic7 said:
Well, I guess you've validated yourself. Cryptography laws are rather harsh in the United States, and I wouldn't want to be subject to that jurisdiction ;) .

Understandable! I should've anticipated that but it honestly didn't occur to me.
 
  • #10
It's obviously not a shadow password file. Also, I should mention some terminology: Pi has given us the ciphertext, and is asking us to find the corresponding plaintext.

- Warren
 
  • #11
Wow! You use 16-letter passwords?!
 
  • #12
Gokul43201 said:
Wow! You use 16-letter passwords?!

I have the feeling that the passwords themselves are only half the length of the encoded form.

One thing that I find puzzling is that Pi seems to be using passwords which contain recognizable words and then using his code to create encoded versions to store. Wouldn't it make more sense to store the recognizable words and use the code to generate the passwords themselves?
 
  • #13
When you say you DON'T need a computer to solve it, do you mean I could sit down with a pencil and paper and solve it? Or do character numbers count? (in which case I don't remember what "]" number is)
 
  • #14
chronon said:
One thing that I find puzzling is that Pi seems to be using passwords which contain recognizable words and then using his code to create encoded versions to store. Wouldn't it make more sense to store the recognizable words and use the code to generate the passwords themselves?

Hey, not a bad idea! Maybe I'll start doing that, except I'd then end up typing my passwords slowly all the time.

Healey01 said:
When you say you DON'T need a computer to solve it, do you mean I could sit down with a pencil and paper and solve it?

Once you know the code, there's no need for a computer at all. While you're still trying to find it, it might help to just get a computer to try a large number of possible codes, if you've been lucky enough to include the right code amongst your set, or you might waste more time writing the program than you'd spend trying things manually, I'm not sure.

Anyway, it looks like it's harder to crack than I feared, nice to know! :biggrin:
My friend who I thought came worryingly close had an unfair advantage, so I'll give you the clue he had: whenever I'm decoding these things I have to stare at my keyboard a lot, then look back to the screen, and then back to the keyboard... so I guess it's not *quite* true that you can decode it entirely without a computer, you need the keyboard at least!
 
  • #15
Yeah, I knew it was going to be a keyboard layout code. Which of the passwords have real words in them?
 

1. What is password cracking?

Password cracking is the process of attempting to gain unauthorized access to a computer system or network by guessing or decoding the correct password. It is often used by hackers or security testers to identify weak passwords and improve security measures.

2. How do password crackers work?

Password crackers use various techniques such as brute-force attacks, dictionary attacks, and rainbow tables to guess or decrypt passwords. They may also exploit vulnerabilities in the system to gain access to password databases.

3. Is it ethical to crack passwords?

No, it is not ethical to crack passwords without proper authorization. Password cracking is typically used for malicious purposes and can lead to serious legal consequences.

4. Can all passwords be cracked?

No, not all passwords can be cracked. Strong and complex passwords with a combination of letters, numbers, and special characters are more difficult to crack than simple and common passwords. However, with enough time and resources, almost any password can be cracked.

5. How can I protect my passwords from being cracked?

To protect your passwords from being cracked, it is important to use strong and unique passwords for each account. You can also enable two-factor authentication and regularly update your passwords. It is also important to be cautious of phishing scams and not share your passwords with anyone.
