AI cracks 51% of passwords in 1min
submitted 8 months ago by [deleted] from (homesecurityheroes.com)
[–]TitsAndWhiskey - 8 months ago (2 children)
Typically per user name
[–]binaryblob - 8 months ago (1 child)
So, how are they going to stop a DoS attack that will lock out everyone?
[–]TitsAndWhiskey - 8 months ago (0 children)
I’m not sure I understand. Like, how do they stop a single IP from trying hundreds of thousands of user names until each one gets locked out? There’s typically a limit there to how many you can try before you’re just denied access.
I’m not a hacker, but my understanding is that isn’t how password cracking happens. It doesn’t go through the UI.
When a company has a data breach that gives the attacker a list of user names and passwords, the passwords are hashed, i.e. translated from the plain text password to a seemingly random string. It would look something like:
binaryblob, qhbzxtwzl2
TitsAndWhiskey, haubedhhd24
Now hashing is one-way. Even if you know the hashing algorithm used, you can’t deduce the plaintext password from the hash.
When you log into the site, it hashes the plain text you’ve entered, then compares it to the hash stored in the DB for that user name. If it matches, you’re authenticated.
So “all” the hacker needs to do if he has that list of user/hash combos is to figure out which hash algo is being used, then try every single character combo to see what generated hash matches. This is called “brute force” and it takes a long, long time. Impossibly long once you get into more than 8 or 9 chars.
To speed things up, there are lists of common passwords, words, and number/letter replacements that typically appear in passwords.
AI should theoretically be able to make better guesses based on your user name, either through commonality with other, similar user names, or by scouring the web to make better guesses about what you might use as a password based on your web history.
Not sure how this particular tool is purported to be working, but that would be my theory of how to use AI to speed up password cracking.
But the point is that attempts aren’t limited by the UI at all, since the raw data is obtained via a data breach.
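The defender's side of what the comment above describes, as an added example that is not part of the original thread: each password is stored as a per-user salted, deliberately slow hash and a login is checked against it, which raises the cost of every offline guess against a leaked table. The function names, the iteration count and the small common-password set are assumptions constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed sample; a real deployment would load a large breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "p@ssw0rd"}

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it for your own hardware.
ITERATIONS = 600_000


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest) using a random per-user salt and a slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Login check: re-hash the submitted text with the stored salt and compare."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


def is_acceptable(password: str) -> bool:
    """Reject short passwords and ones a common-password list would reach first."""
    return len(password) >= 12 and password.lower() not in COMMON_PASSWORDS


def unsalted_sha256(password: str) -> str:
    """Fast unsalted hash, included only for contrast with the salted KDF."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    # Two constructed accounts that happen to share one password.
    pw = "correct horse battery staple"
    salt_a, hash_a = hash_password(pw)
    salt_b, hash_b = hash_password(pw)
    print("unsalted digests identical:", unsalted_sha256(pw) == unsalted_sha256(pw))
    print("salted digests identical:  ", hash_a == hash_b)
    print("login accepted:", verify_password(pw, salt_a, hash_a))
    print("policy allows 'P@ssw0rd':", is_acceptable("P@ssw0rd"))
```

With an unsalted fast hash, two users with the same password get the same stored value; with a per-user salt they do not, so each stored hash has to be guessed separately.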