View unanswered posts | View active topics It is currently Tue, 2018/12/18 11:58 am



Reply to topic  [ 9 posts ] 
OTFBrutusGUI start index is greater than password count 
Author Message

Joined: Wed, 2012/11/14 12:42 pm
Posts: 5
Unread post Can anyone help me with OTFBrutus GUI?
Hi i am trying to decrypt a file container that i have forgotten the password to and i can't get it to run after reading the help file.

It gives me error message that start index is larger than password length. 1>-50000000 or something like that. I am not using a password definition file so i am not sure why i am getting this error. I am trying to do a pattern.

This was my custom pattern I tried using but never works due to error above. I tried using a general one too if i made an error in my pattern

tried this
[ -~]{8-20}
and this is mine
[qwertyQWERTY1-7!@#$%^& ]{8-20} I might have put a space in their so i put a space at the end which i think is the right way?

Thanks for the help!

here is screen shot too

Oh also i know i used whirlpool hash but not sure if it was AES-twofish-serpent or vice versa so i selected both

http://img197.imageshack.us/img197/5...screenshot.png


Wed, 2012/11/14 12:45 pm
Profile

Joined: Wed, 2012/11/14 1:04 pm
Posts: 1
Unread post OTFBrutusGUI start index is greater than password count
Hi Tateu

Thanks for creating OTFBrutusGUI

I am trying to use Password Pattern, like [abcdefgh123456]{22:3}
where the starting set is about 16 characters and the target password is 22 characters with no character repeated more than 3 times
I get this error
"start index is greater 1 > -9223........." where -9223 is a very long negative number

How can I fix this?

Does the symbol "!" have to be escaped?


Wed, 2012/11/14 1:16 pm
Profile
Site Admin

Joined: Sun, 2005/04/03 7:02 pm
Posts: 307
Location: Los Angeles, CA USA
Unread post Re: OTFBrutusGUI start index is greater than password count
Both of you use password patterns that contain way, way, way (and just for good measure one more) way too many password possibilities.

[ -~]{8} (without the -20) contains (95^8) 6,634,204,312,890,625 possible passwords. That's in the quadrillions.
[ -~]{8-20} contains so many possibilities that OTFBrutus GUI can't even do the math to count high enough (95^8 + 95^9 + ... + 95^19 + 95^20). Same goes for your second password pattern.

[abcdefgh123456]{22:3} contains 16,398,978,063,355,821,105,872,896 possible passwords. That's in the septillions.

[qwertyQWERTY1-7!@#$%^& ]{20} contains (27^20) 42,391,158,275,216,203,514,294,433,201 possible passwords. That's in the octillions.

The most possibilities that OTFBrutus GUI can try is 2^63 - 1, which is 9,223,372,036,854,775,807 (which is in the quintillions).

That's all just theoretical though and doesn't matter in the real world because there is no way your computer can try anywhere near that many possibilities in your entire lifetime. Just try a simple pattern of [a-z]{4} and look at how many passwords per second it can try. With the first three hash algorithms checked, XTS mode and all encryption algorithms checked, my 16 thread Quad core machine can only try about 150 passwords per second. There are 3,600 seconds in an hour so my computer can try 540,000 passwords per hour.

OTFBrutus GUI can really only help in situations where you forgot a few characters of your password, not an entire password of 20+ characters.


Thu, 2012/11/29 2:47 pm
Profile WWW

Joined: Wed, 2012/11/14 12:42 pm
Posts: 5
Unread post Re: OTFBrutusGUI start index is greater than password count
[qwertQWERT1-5!@#$%^ ]{15-18}

would that work? Also is leaving a space in there how you use a space?

Also how does it take that long? I thought i remember it not taking a old P4 more than a couple months to crack a 9-12 char password using all chars I am only using 24 chars. Also i am using a 3720qm at 3.6GHz

Also if my CPU can do 125000 DMIPS how can it only due 160 passwords per second? Does it really take almost 1,000,000 operations to do one password?

btw this works: [qwertQWERT1-5!@#$% ]{13-18}

Is there a way for you to create a pause button to allow people to continue to work on it on and off? Also maybe a save progress would be awesome. Also i know all the chars i used but not the combination ^^ I used the 5 in top row and space bar and ~first 5 numbers/specials. Doesn't seem like that many combinations. It is not even a 1/10 of the keyboard.

Lastly, I am still confused on how it requires almost 1,000,000 operations to do one password. How did people brute force a password on a P3? it would have gotten like .5 passwords per second....might as well do it by hand


Last edited by HopelesslyFaithful on Thu, 2012/11/29 4:20 pm, edited 1 time in total.



Thu, 2012/11/29 4:01 pm
Profile
Site Admin

Joined: Sun, 2005/04/03 7:02 pm
Posts: 307
Location: Los Angeles, CA USA
Unread post Re: OTFBrutusGUI start index is greater than password count
[qwertQWERT1-5!@#$%^ ]{15-18} is still larger than OTFBrutus GUI can count and even if it could count that high, it is still way, way, way, way too large for you to crack in your lifetime.

With the default options checked, on my computer OTFBrutus GUI can try all combinations of [qwertQWERT1-5!@#$%^ ]{6} in about 4.5 hours, [qwertQWERT1-5!@#$%^ ]{7} would take about 102 hours, [qwertQWERT1-5!@#$%^ ]{8} would take about 2217 hours and [qwertQWERT1-5!@#$%^ ]{9} would take about 49100 hours. Can you see where I am going with this? You cannot hope to crack a password with that many unknown characters.

Yes, that is how you use a space.

TrueCrypt uses a hashing method with 1000 or 2000 rounds that significantly slows down the amount of passwords that can be tried per second. http://www.truecrypt.org/docs/header-key-derivation


Thu, 2012/11/29 4:20 pm
Profile WWW

Joined: Wed, 2012/11/14 12:42 pm
Posts: 5
Unread post Re: OTFBrutusGUI start index is greater than password count
BTW updated my post after your reply so double check it. So the reason why its so slow is because of truecrypt? thats why it requires ~1DMIPs per password? That blows. How why even bother making a password longer than 10 chars if you can't bypass that speed bump.


Thu, 2012/11/29 4:23 pm
Profile

Joined: Wed, 2012/11/14 12:42 pm
Posts: 5
Unread post Re: OTFBrutusGUI start index is greater than password count
ops i did that wrong i mean it requires ~1000 DMIPs per password. that is that is ~1,000,000,000 operations per password? WHHHAAAA? How does truecrypt hash make it use that many operations?

EDIT: my bad i had F@H running. I get 360 passwords a sec using this [qwerQWER1-5!@#$% ]{13-18}

How long will that take? I don't see a timer. Still ~350 DMIPS per password is nuts! Thats 350,000,000 operations for a single password O.o It makes it entirely uneconomical to brut force any password unless you know almost exactly what it is! I know exactly what characters i used and its almost impossible!

Wait is it saying i am going to use 27,000,000,000 hours to crack it at 360 PPS? Is there any other way to make it faster? Is there a GPU version?

EDIT: alright heres a different approach. Maybe you can help me limit the numbers!

my password is something like this

q WE r !@ 3 $%
q W E r ! @ 3 $ %

or close to it...maybe different orders of spaces or holding shift key. But no number or letter is repeated. How do i go about making it more restricted. I know it follows that order and non are repeated but not sure if all are used.


Thu, 2012/11/29 4:25 pm
Profile
Site Admin

Joined: Sun, 2005/04/03 7:02 pm
Posts: 307
Location: Los Angeles, CA USA
Unread post Re: OTFBrutusGUI start index is greater than password count
You'll have to look at that TrueCrypt documentation page I linked to and read up on the methods it uses to figure out why it takes so long.

I can't really create a pause button that will work correctly. I've never been able to figure out how to jump into the middle of a password pattern without having to calculate all of the previous passwords.

To make it faster turn off any hash methods you are positive you did not use and if you did not use any cascades turn them off. There is no GPU version of OTFBrutus GUI available, I have never found an open source GPU enabled encryption library to use. However, there is another TrueCrypt brute force program available that supposedly has GPU capabilities (I don't have a supported GPU, so I have not tried it). Ivan Golubev's Password Recovery Suite http://www.golubev.com/igprs/ . I have tried it in non GPU mode and it is faster than my software anyway. It used to only work with SHA512 containers but RipeMD160 and Whirlpool were added recently.

You can read about other software I have found for brute forcing TrueCrypt volumes here: viewtopic.php?f=2&t=246

I know of no way to help with that password problem of yours (q W E r ! @ 3 $ %). There are just too many password possibilities.


Thu, 2012/11/29 5:00 pm
Profile WWW

Joined: Wed, 2012/11/14 12:42 pm
Posts: 5
Unread post Re: OTFBrutusGUI start index is greater than password count
thanks i'll check them out and always keep yours saved for other issues down th road. I am using AES twofish serpent or vice versa and its either SHA512 or whirlpool so thats have i am already using getting 360 pps. i'll try th other out and hope i can get it to go faster than 27 bil hours ^^ If I can't get it under a year i'll hold onto it and try again in a 5-10 years lol


Thu, 2012/11/29 5:04 pm
Profile
Display posts from previous:  Sort by  
Reply to topic   [ 9 posts ] 

Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by ST Software