Skip to content

Brute Force Password Cracker *

Static Badge Static Badge

In a world where digital security is paramount, the ability to understand and test password vulnerabilities is a powerful skill. With this project, you will build a brute-force password cracker capable of systematically trying every possible combination of characters to break a given password.

Implementation Guidelines

  1. Running the Program:
    • The program can be run in different modes (sequential, parallel, distributed/CUDA) by specifying a parameter.
    • The system should accept a password hash as input and attempt to find the matching password.
    • Allow users to define a mask (e.g., certain known characters or positions) to narrow the search space and speed up the process.
    • Combine brute force with a dictionary attack by trying common passwords or phrases before attempting all combinations.
    • The program must measure the run-time needed to crack the password and log the number of attempts made.
    • A "time to crack" metric should be output after each successful cracking attempt, giving the user feedback on the performance in different modes.
  2. Problem-Specific Requirements:
    • GPU Acceleration: The student can decide to implement GPU-based acceleration using CUDA to increase performance instead of implementing a distributed version.
    • The implementation must attempt every possible combination of characters within the specified character set and password length.
    • The program must automatically adapt to the hardware it is running on (number of cores, memory, etc.).
    • The program should report real-time progress and allow the user to interrupt the process at any point.
  3. Graphical Interface (optional):
    • The user can specify the following parameters:
      • Target: Hash of the password to be cracked (given as input) and its type (MD5 or SHA256).
      • Character set: Define the allowed characters for the brute force attack (e.g., lowercase 'a-z', uppercase 'A-Z', digits '0-9', and special characters).
      • Maximum password length: The upper bound for the password length that will be attempted.
    • The graphical interface could allow users to input the target password hash, select parameters (character set, length, etc.), and view the progress of the cracking process in real-time.
    • A simple progress bar or text output should show the status of the cracking attempts.
    • The interface should display the cracked password and the total time taken upon successful cracking.

Testing

All three versions must be thoroughly tested. The tests should be performed under different configurations and workloads, with a focus on measuring the system's ability to handle increasing complexity:

  • Password Length Testing:
    • Set the character set to lowercase letters ('a-z') and test cracking passwords of increasing lengths (e.g., 4, 5, 6, 7 characters).
    • Measure the time required to crack each password in sequential, parallel, and distributed modes.
  • Character Set Testing:
    • Set the password length to a fixed value (e.g., 6 characters) and vary the character set (e.g., lowercase, lowercase + digits, full alphanumeric, alphanumeric + special characters).
    • Measure the time required to crack the password for each character set and mode.
  • Dictionary attack test: The implementations should be tested by providing a sufficiently large dictionary of potential passwords where the target password can be found in the dictionary.