Mathematics is fun and it becomes more amazing once we integrate maths with another awesome topic i.e hacking and arithmetic help in hacking?. There could also be many questions inside your mind like why hackers should need knowledge of mathematics and the way to use mathematics for hacking. If you ever consider this question then this post is for you. Let’s start our article fellow members of toptechpal!
Let’s begin Mathematics in hacking !
Shall we start how mathematics help in hacking? Let us assume that a web application uses following algorithm for their password.
First_four_letters_of_alphabet_in_uppercase + year_of_birth
This seems easy to crack but think once brute-forcing this may take ages as there are 4 uppercase alphabets & 4 digits involved. in order that they create 2821109907456 combinations and it might take 90 years to crack the password if we try 1000 combinations per second.
Now, Who will spend 90 years to hack a singe account?
But if you’ve got some knowledge about mathematics and a few brain you’ll be able to easily hack that account with in few seconds.
Let’s apply some mathematics in this scenario
Now let’s examine more how mathematics help in hacking. First let target the algorithm. the mixture is within the form:
([A-Z][A-Z][A-Z][A-Z])([0–9][0–9][0–9][0–9]) (4 uppercase letters) (4 digits) (Group 1) (Group 2)
The alphabets are during a group and lie before the digits which also are grouped so there’s no possibility that they’ll be mixed to create a mixture like S2N65GE1 . So what percentage combinations are possible after considering that?
Lets calculate the amount of combinations of 4 letters which might be formed by 10 digits i.e. 0-9 :
(10)⁴ - 1 = 9999
So there’ll be 9999 possible combinations. Great! Now let’s calculate the identical process for alphabets.
(26)⁴ - 1 = 456975
And all the combinations of 9999 digit and 456975 alphabets combinations will be:
456975 * 9999 = 4569293025
And if we try 1000 combinations in 1 second we’ll need this much of your time
4569293025 / 1000 = 4569293.025 seconds or 52 days 21 hours 14 minutes and 53 seconds
Just using some brain and arithmetic We just decreased the time required from 92 years to 53 days!
The change is orgasmic but it’s still an excessive amount of time. What else may be done?
Here’s the catch, these are just not 4 alphabets and 4 digits, these are four alphabets & year of birth of somebody.
A human can live up to 100 years which suggests someone born in 1642 can’t be alive and hence can’t have an account.
Time traveling is additionally impossible at the instant which suggests someone who goes to turn in 2594 can’t travel back to the time to make account.
So the combinations starting from 0000–9999 aren’t valid. We just need the 1920–2020 range which covers humans old 0 to 100.
So now the amount of combinations and time required is:
456975 * 100 = 45697500 combinations 45697500 / 1000 = 45697.5 seconds or 12 hours 41 minutes 37 seconds
We just decreased the time required from 92 years to 53 days and now to 12 hours! It’s all thanks to mathematics.
Now if there’s slight change in algorithm we will further decrease our time. If the algorithm is like:
first_four_letters_of_first_name_in_uppercase + year_of_birth
We can decrease the time from hours to seconds. Let’s apply maths here again:
Just like all the combinations of digits weren’t valid years of birth, similarly AAAA or PZVS aren’t valid for the first four letters of a name.
So what would an attacker do?
They used Photon to scrape names from an internet site which was basically a directory of names and let’s say we found 3283 unique names! you’ll follow this link for photon. Use the subsequent command to extract the primary 4 letters and filtering out the duplicates
grep -oP ”^\w” custom.txt | sort | uniq | dd conv=ucase
There are 1598 entries!(say) It may be even less as there are many duplicates, for instance the primary four letters within the names Sanjeev & Sanjit are same.
Anyway, let’s calculate the time required now
1598 * 100 = 159800 combinations 159800 / 1000 = 159.8 seconds or 2 minutes 39.8 seconds
Hmmm? Decreased time from 92 years to 2 minutes to crack a password by just using simple mathematics. Now can we further decrease the time? the solution is yes.
Let’s use some facts for that!
WORLD HAS over 50% OF ITS POPULATION BELOW THE AGE OF 25 AND over 65% BELOW THE AGE OF 35.
So rather than creating combinations with age 01–100, a sensible move would be to do this:
25 – 01 (reversed because young ones don’t seem to be likely to own an account online)
25 – 35
36 – 100
So if we take the age statistics into consideration, the prospect of matching the right password in first 1598 * 25 = 39950 combinations is 50% which implies we’ll crack half the passwords in 39950 / 1000 = 39.95 seconds! And within the next (1598 * 10) / 1000 = 15.8 seconds , we’ll have %15 more passwords! So basically we’ll have 65% of the passwords in 55.9 seconds . we’ve come a very long way!
This is just a theoretical example of how we are able to use mathematics help in hacking.
#In association with Thetechrim
Hope you enjoy it!
This was just a fun article on how mathematics help in hacking. If you want to get such awesome and interesting articles then feel free to subscribe to our newsletter and turn on notification of our website on your browser. Feel free to share and support us. Bye till next post.