Hacking – Brute Force & Rainbow Table explained


You must have seen in movies how a hacker cracks a password. He take out a small device from his pocket. Connect it to the locker or whatever he wants to crack and then lots of digits and alphabets are shuffled on the device’s screen and in a matter of minutes (and sometimes in seconds), the thing is unlocked. Pretty Impressive but it doesn’t happen that way. Basically a online system (by online system i means a system which requires you to log in to get access) can’t be hacked like that. Even a password stored in a offline file can’t be hacked so easily.

Lets take it as easy as it can get. You want to access a file which is password protected. You create a program that tries every possible combination of alphabets and numbers and then feed it to the file if its the right one. This procedure is repeated till the right combination is accepted by the file. This is what we call as a attack. And this very procedure of trying possible combinations is called Brute Force Attack.

Now executing such a program which is required to provide every possible combination requires a very good computing power. The time that it consumes in breaking a password depends on the length of password and the processor speed. Faster the processor, shorter the time it takes to crack the password. Think it would be easy if you have a dual core or quad core, Think again. On Desktop PCs it can take days to crack a password.

Memory Space Trade Off – It is a situation in which time taken for processing can be reduced at the cost of space and vice versa. To make it very clear, lets see this again with the help of an example. In the previous example, we can process the different combination before hand and then store them in a file. And when you need to break a password, combinations are retrieved from that file and this lessens the load on the processor. The only time consumption in this case is the retrieval of data from that file. This file is what is known as a Rainbow Table. It can break passwords in a few minutes and in even a few seconds depending how strong is the password. It can be obtained from the World Wide Web but beware of its size. Its size is in GBs.

Now even if a hacker has the best of hardware, he can’t hack that easily. Why? Ever entered a password wrong multiple times? It requires you to enter the image to confirm that you are a human and it is not a account and even if that fails (yes there are algorithms that can read the text behind the image), the user is forbidden to enter the password for a fixed amount of time. So, there is no way in hell that a hacker can hack by Brute force or even with the help of rainbow tables. But it surely gets the job done for offline files.

If I write more here in a single post, it would be difficult for many of us to analyze the information. So, more in coming posts. Use the comments section to ask questions or for leaving a response.


11 responses to “Hacking – Brute Force & Rainbow Table explained”

  1. Hmmmm… That is a cool post, how do you get such information. I don’t know much about hacking but this information is really good, at least to know what can happen around us.

  2. Thanks for appreciating the write up.

  3. Mohammed Bello Avatar
    Mohammed Bello

    hey i realy find your post very usefull, i always wanted to be one of the greates hackers in my country i wish you can help me get that dream done with posting more information tanks dude keep it up.

  4. death-coder Avatar

    thnx for the useful info …
    can u help me on how to run programs on other pc’s ?
    i want to crack a friends msn … and i want to run an authorized msn pass recovery on his computer and gain info from it
    or just run a keylogger on his computer …
    help me if u can

  5. Okay, ur blog server provider handles it. Thats good.
    BTW it was just trying the most command code injection example. You can delete my previous comment.
    Thanks lol

  6. casanova Avatar

    i got this information in my childhood
    try to provide more information

  7. well yeah u got that good but one thing i tell ya if u r using for the smaller password u told took lot of tym but there are certain algos which are pretty effective in this case …………….

    there is a password stealer for msn u can have it frm net and u can use keylogger too or any trojan

    1. @Nishu
      How about sharing something in regard to those super effective algorithms?
      And before you use any tool or software to hack others, make sure it doesn’t hack you. Read : http://blog.ashfame.com/2007/11/sofware-crack-means-security-crack/

  8. thats up to u that u trust or not ………lol

    n abt algos thats the thing depend on the technology……. if u just go for the brute force then for the best strong passwd it cd take maximum of 72 year to break………. so algos are used along with brute force in order to minimize the tym ………. u can get more info abt it just google abt it (spcllly in russsian n chinese google u wd find things )

    1. @Nishu
      How about sharing the knowledge with everybody else by a guest article over here on my blog?

  9. yaar if i wd be free lyk dat posting things then i cd have make ma own website ………….. bahut alsi hu

    and i appreciate u ki tumne 12th se hi website bana li n earning good amount ……….. go on man