eli5: how does “brute forcing” a password work?

So I get that the more complicated and long the password, the harder it is to brute force, but do these programs start with like 111aaa and then go to like 111aab and so forth? Or are they just trying every combination randomly? If the latter, isn’t there a chance (a very small one) that if it is kinda random that they could break a really good password on like the first try? Similar to winning the lottery? If it’s not random, that has its own issues. I don’t get it. Help.

14 Answers

Anonymous 0 Comments

In the old days it was common to do as you say: set your min+max length plus a character set, start at the beginning, and go until you cracked it or exhausted your combinations. If exhausted, then increase your range and/or charset.

That isn’t efficient, so these days you want to start with a dictionary of passwords. The dictionary is a culmination of passwords leaked from databases in addition to generated combinations using words, names, numbers, l337 speak m1cro$oft, etc. If you exhaust your dictionary then it’s back to the drawing board.

Just to add trivia, in modern times when user account databases are leaked they generally reveal 1-way hashed passwords (can’t be reversed) instead of plain text passwords. You can’t log in with the hashed passwords, but you can sometimes use those hashes to determine what the original password was. In the old days you could do this by looking up weak hashes in Rainbow Tables. If you were lucky, those passwords weren’t hashed and rather were encrypted (bad practice) and you could try and tackle the decryption.
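A password-audit sketch of the two strategies described in the answer above, added here as an example and not part of the original post: it reports how many guesses an ordered exhaustive search (the "111aaa, 111aab" scheme) or a dictionary lookup with l337 speak undone needs before reaching a given password. The wordlist, the substitution table and all function names are assumptions made up for illustration.

```python
import string

# Constructed sample wordlist standing in for a leaked-password dictionary.
WORDLIST = ["password", "microsoft", "dragon", "letmein"]
# Common l337 substitutions (an assumed table), undone before the lookup.
UNLEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                        "5": "s", "7": "t", "$": "s", "@": "a"})


def keyspace(charset_size, min_len, max_len):
    """Number of candidates an exhaustive search over these lengths covers."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def ordered_guess_index(password, charset, min_len=1):
    """1-based position of `password` when candidates are tried shortest
    first, then in charset order. None if this search never reaches it."""
    base = len(charset)
    if len(password) < min_len or any(c not in charset for c in password):
        return None
    shorter = keyspace(base, min_len, len(password) - 1)
    offset = 0
    for c in password:  # read the password as a base-N number
        offset = offset * base + charset.index(c)
    return shorter + offset + 1


def dictionary_guess_index(password, wordlist=WORDLIST):
    """1-based position of the base word after undoing case and l337 speak.
    A real run also spends guesses on each mangled variant of every word."""
    plain = password.lower().translate(UNLEET)
    return wordlist.index(plain) + 1 if plain in wordlist else None


def audit(password, charset=string.ascii_lowercase + string.digits):
    """Which strategy reaches the password first, and after how many guesses."""
    hit = dictionary_guess_index(password)
    if hit is not None:
        return ("dictionary", hit)
    return ("exhaustive", ordered_guess_index(password, charset))


if __name__ == "__main__":
    for pw in ["m1cro$oft", "111aab", "zq7kx2vb9m"]:  # constructed samples
        print(pw, audit(pw))
```

Trying candidates in random order without repeats does not change the average: for a uniformly random password, either order expects to cover about half the keyspace before hitting it.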
