Log In  

Cart #bruteforcepw-1 | 2022-10-20 | Code ▽ | Embed ▽ | License: CC4-BY-NC-SA
4


(v01 10-20-22)TO LOAD THIS PICO-8 CART, in immediate mode, type: load #bruteforcepw

Hello.

I was looking at the source-code of @Guest122's program:

https://www.lexaloffle.com/bbs/?pid=119387

To guess someone's password and while his has a dictionary, I did want to point out just how quickly and how unsafe it is to have a small password for instance on one of your internet accounts.

So I wrote this program. What it does is allow you to input a 4-letter word via the regular joystick and then through brute force go from AAAA to ZZZZ to find what your password was, and tell you how long it took to search.

Run it. Use the UP and DOWN arrow keys to change letters, the LEFT and RIGHT arrow keys to change character positions and the 🅾️ and ❎ keys to accept that letter or delete one.

For instance XRAY is found in only 13.9 seconds.

A word like ADAM is even faster since the first letter to search is already A, in at 0.0667 seconds.

Be aware that 'bots traveling the internet and using this method to guess people's passwords are millions of times faster than this and can handle a lot more characters like 9-10 in just seconds. Always use a good and complex password when creating accounts online.

I may follow this up with a comprehensive password generator, that generates passwords based upon what you know so you will never forget it.

BY THE WAY, I was wondering if someone could please post a better version of what I did above. It would be code to demonstrate the same thing yet not use an array - and the string can be any length, so it's not just limited to 4-characters.

Essentially you could have a 4-letter word like, "PANE." Then in the code you write guess for it, but do not use arrays. You would have to examine the actual characters and letters in the string. I couldn't figure that out in my head is why I used an array.

P#119388 2022-10-20 16:00 ( Edited 2022-10-20 16:15)

2

It doesn't look as pretty, but I made something that should support passwords up to an almost infinite length (although not always practical given the speed of PICO-8)

Cart #bruteforcepw_rewrite-0 | 2022-10-21 | Code ▽ | Embed ▽ | License: CC4-BY-NC-SA
2

Edit: oh no! it seems there are 2 bugs, both of which happen under very similar situations

  1. an error if the password 'a' because the password is correct initially, never entering the loop therefore never setting the end time.
  2. an unexpected result if the password ends with 'a', because it adds the letter 'a' if the string is all 'z's but never checks if it's right before advancing it to 'b'

I'm currently on a small holiday, but I will fix it when I get back if it hasn't already been done by someone else

P#119412 2022-10-21 03:06 ( Edited 2022-10-22 04:50)

It's not so difficult in other languages where you can pull a string character like Pico-8 via: a="apple" b=a[4] and get back l

Yet Pico-8 cannot reverse that and let you go, a[4]="x" - unfortunately.

But looking at your code, there's the glory, @TetraPengwin !

Nicely done ! And yes, what you wrote is over my head. I really do appreciate you posting notes to - to explain what is happening. I'll see if I can learn something here.

It should also run faster if you turn off the clock and only show elapsed time for two occasions.

  1. The target word is reached. Show elapsed time.
  2. The target word is exceeded. Quite simply check the current length of the word being built and if it is larger than the target word, end stating could not find it. Show elapsed time.
P#119413 2022-10-21 03:14
1

So the moral of the story is your passwords should always be ZZZZ.

P#119429 2022-10-21 15:04

@ooooggll. Oh you made me laugh ! That's not easy to do. Good morning, gold star for your epic wit. :)

P#119430 2022-10-21 15:31

[Please log in to post a comment]

Follow Lexaloffle:          
Generated 2024-03-28 11:24:43 | 0.064s | Q:29