[Cryptography] Brute-force password crackers?

Jeffrey Goldberg jeffrey at goldmark.org
Tue Dec 28 16:43:39 EST 2021

On Dec 23, 2021, at 8:54 AM, Henry Baker <hbaker1 at pipeline.com> wrote:
> Could someone please explain the current strategies of brute-force password crackers these days?

There is not single strategy, as these get tailored to a number of things (which I will get to below).
> I presume that huge dictionaries of existing passwords, words, phrases, etc., + brute force alphabetic enumeration in order of probability?

A variant of this is very common. A dictionary and a list of transformations to perform variants. The transformations include all the simple things you’d expect like replacing “o” with “0” and adding “!” at the end and so on. They also involve combining “words” or common password elements.

How these get prioritized is tunable in the systems designed to do this and the tuning will depend on a number of things.

For the most part, everyone starts by checking the most common 100,000 passwords or so, and then moves on from there, but how they move on depends on a lot of things.

One target or many?

Many hashes

A very common scenario is that the attacker has a whole bunch of hashes for a single service. In this scenario they aren’t focusing on a single individual but seeing how many passwords they can crack. The Crack Me if You Can challenge simulates this, and so you can read the write-ups of the participating teams to see how they tuned their strategies if you want to get to the nitty gritty.

Some tuning will be tied to the specific service. For example, if you have hashes from LinkedIn you will seed the guess generation use things “LinkedIn” or “LI” as a base word to catch things like “LISekret123” or “pwd!Link3d”. Naturally, you will look at the password creation requirements of a site. If you are have the hashes for a organization that requires regular password changes you will use things based on month, year, season among your common “base words”. I don’t know if anyone has looked at this, but I’d be willing to bet that places with frequent password change requirements will have a greater frequency of angry profanity. And then there are porn sites with lots of things like “ILoveCrystal”.

If there are enough hashes you are going after that way, you will adapt your priorities as you go along. If you find that some of your transformations aren’t catching much, then you lower the priority of using those rules.

Some schemes (that don’t actually work well in practice when you are trying to break a lot of things quickly) will attempt to build either Markov models or probabilistic context-free grammars from already cracked things and then apply those to generating future guesses.

The password hashing scheme also plays a roll. If things are hashed with a “fast hash” then you don’t want your guess generation to be a bottle neck. But if things are hashed with an expensive hashing scheme, making it work to test a particular guess, you can have a slower guess generation scheme.

Single target

Let’s now consider sort of the opposite of the LinkedIn type case. Suppose you are going after a suspected criminal’s disk encryption password. Here you will focus on passphrase, in which case the things like the PCFG are more likely to get you success. You will also use as much information about your target as possible and feed that into your guess generation system.


You also tune your guess generation system to how it can integrate with your guess testing architecture. You may have a mix of GPUs, CPU cores, FPGAs that you are throwing at this. You might, for example, put your fastest testers on the generation rules you have the most confidence in. (Again, this kind of optimization isn’t worth the effort if you aren’t going to expect things to run for a while.)

I’ve listed only a few types of cases, but these are to illustrate the fact that attackers are able to tune how they generate guesses to the circumstances, and they have experience knowing what works and what doesn’t.


Jeffrey Goldberg
Principal Security Architect @ 1Password

More information about the cryptography mailing list