Cracking Passwords in Forensic Investigations - Scholarly ...
Cracking Passwords in Forensic Investigations - Scholarly ...
Cracking Passwords in Forensic Investigations - Scholarly ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Thus, the cost of crack<strong>in</strong>g a password can be calculated as:<br />
Cost of crack<strong>in</strong>g a password = Direct costs + Fair share of <strong>in</strong>direct costs.<br />
The time required to crack a password determ<strong>in</strong>es the <strong>in</strong>direct costs such as power<br />
costs and computer and equipment depreciation costs. Thus, the amount of time<br />
spent would be directly related to other <strong>in</strong>direct costs. Because of this, if the<br />
amount of time is reduced or managed, it could be possible to reduce or manage<br />
the costs of crack<strong>in</strong>g a password.<br />
2.4.2.3 Time Estimation<br />
As discussed above, time is the direct cost <strong>in</strong>volved for the purpose of calculat<strong>in</strong>g<br />
the costs of crack<strong>in</strong>g a password. It is difficult to estimate the time required to<br />
crack a password. If the password is ‗len‘ characters <strong>in</strong> length and the character<br />
space conta<strong>in</strong>s ‗alpha‘ number of characters, then the key space (the space<br />
conta<strong>in</strong><strong>in</strong>g all possible comb<strong>in</strong>ations of passwords) of the password ‗k‘ would be<br />
alpha len (Rowan, 2009). Therefore, as the number of characters and the length of<br />
the password <strong>in</strong>creases, its key space <strong>in</strong>creases exponentially. This can be shown<br />
<strong>in</strong> Table 2.3 below.<br />
Table 2.3: Comparison of character space, length, key space and maximum time<br />
taken to crack a password (Adapted from Rowan, 2009, p. 5)<br />
Character<br />
Space Length Key Space<br />
10 4 10000 1 sec<br />
10 5 100000 1 sec<br />
10 6 1000000 2 sec<br />
26 4 456976 1 sec<br />
26 5 11881376 24 sec<br />
23<br />
Max. Time to Crack @ 500,000<br />
<strong>Passwords</strong>/Second<br />
26 6 308915776 10 m<strong>in</strong>utes<br />
26 10 141167095653376 9 years