Bruteforce algorithm

[arkader]

Hi everyone,

I have written a small script in javascript to try the security of my forms on my website.

So far, the script only list the differents combinaisons of the alphabet.
The result is stocked in the variable allData.
You can change the number of caracters, by modifying the value of the variable n.

For instance, if n = 3, then the result will be
a,b,c,d,e,f …….
aa,ab,ac,ad,af …..
aaa,aab,aac ….
until zzx,zzy zzz

However, the script is very slow, do you have any ideas how can i speed up the algorithm ?
here is the script : http://jsfiddle.net/arkader/dpfdvdtv/

ps : the result is logged in the javascript console

Thank you very much

[nkrisc]

What exactly are you trying to test with regards to security?

[arkader]

Hello nkrisc,

I have a wordpress portfolio, and i would like to test the vulnerability
of the admin password.

ps : here is my portfolio http://emalsaifi.com/

Thank you

[nkrisc]

I suspect you’re not trying to test the vulnerability of the password, but trying to test the vulnerability of your form to brute force attacks?

Because yes, your password is vulnerable to a brute force attack. Every password is if the attacker is allowed to work long enough (for a good password long enough might be millions of years). I think you’re overkilling it. You don’t need to test every permutation of a password, you just need to test your defense mechanisms (lock out after X wrong passwords) are functioning, so your test should just enter X incorrect wrong passwords and you can verify your form is behaving correctly.

Trying to determine how long it will take to brute force your password seems pointless to me. Let’s say you prevent login attempts for 10 minutes after 10 failed attempts. Unless your password is literally ‘password’, you’ve effectively made it impossible to brute force your login form.

[Author]

Posts