Recommend a language for this - distributed, concurrent application

AARRRGH

Hello

I am thinking of writing a distributed, concurrent application which is used to brute force attack encrypted files.

There would be a server application and numerous clients. The server keeps track and assigns key ranges to each client. Etc.

Can anyone recommend a language (if possible, not Java) which would be good for this task?

Thank you.

ianhobo

what sort of encryption techniques will you be trying to brute force?
If they are "real world" implementations ex: public key, rsa etc then I imagine that speed/efficiency would be important as a brute force attack could take a relatively large amount of time. In that case the "lower" the level of language you could choose the better.

C or C++ would imho be the best place to start. There wouldn't be much "faster" languages apart from a assembly implementation. You should also be able to find lots of code to help.

If its a proof of concept model your trying to develop, then a higher level language such as c# would suffice. You'd of course be potentially sacrificing the efficiency/speed of the executing program in favour of a quicker development time......

AARRRGH

Thanks for your reply Ian.

It is a proof on concept model, although I'm probably just going to crack DES, so it should be doable within a reasonably short amount of time.

I know DESCHALL (the first guys to successfully brute force attack DES) wrote their application in C, and have in fact released their code, so maybe C would be the best route.

I haven't really used C in years though...

pH

The server and client can be in 2 different languages - in fact it makes little sense to make them the same. The server basically hands out blocks of keys to try and remembers/manages this process. PHP (or any simple scripting language) on top of a database like mysql would be perfect for this.

The client basically needs to be able to connect to a server over http, identify itself, retrieve keys/cyphertext, run through them and post results back to the server.

I guess the things to consider here are:

- Your familiarity with language
- How efficient/fast you need it (interpreted/vs bytecode vs compiled)
- Availability of existing code in that language (cryptography and comms)
- Target platforms (Windows only? Windows and linux) etc

Depending on how you prioritise the above java, C++ or even a language like Python might suit. .Net (C#) might also be an option.

ianhobo

cool Still not an easy feat mind you!

Seen as its proof of concept stuff you could probably go with a higher level language to start with. One that you know in order to get your algorithms working and your distributed model working. Networking in a high level language like c#, or java is a breeze, but networking in C is a major pain if you haven't done it before.

You could also combine the two, networking elements in a higher language, and the attack algortihms in C, either through a dll or a seperate exe

Here's some DES encryption source code in C for you,
and some in php,javascript, and perl

If you get it working with DES, there are a lot of encryption systems in use today that use triple DES

What languages are you familiar with then?

AARRRGH

Thanks for the replies.

I hadn't considering the server in language A, client in language B system. Interesting!

I've been programming in PHP for about 8 years, Perl about 4 years, C and C++ for about 2 years (but that was ages ago), and Java (academically) for about 5 months.

Java is simple for client/server, but I'd prefer to go the "the client is an exe" route.

Thanks again for the replies - very helpful.

Martyr

dublindude, i'm *slowly* putting together a tool which includes distributed attack against SHA-1 derived hashes - but it only works on specific ranges of the key.

its not same as attacking the whole DES key as you would see with DESCHALL though..

there are a few things you could look at:

MPI (Message Passing Interface, there are various versions of this) for C programmers, which was used to create John The Ripper patches (check the mailing list for discussion on "MPI or PVM?")

PVM (Parallel Virtual Machine) for C programmers..

If you search online for either PVM or MPI in other languages, you might find something useful there.for example JPVM (Java) and also mpi.NET, but the JPVM is quite old now..still worth a look of course.

And of interest might be new-ish project called BruteNET on sourceforge, written in C++ which would only require you to write the actual module used to attack DES.

You might also want to look at Matthew Kwans Bitslice code which is much faster than normal DES implementations.

And if you are writing your own implementation to attack certain keys, there is a way to pre-compute key schedules, store in memory and then join these together when required to test new keys, which works out faster than calling str_to_key() / des_set_key() alone.

i wrote an example program for this in C and x86 assembly.