Assignment: Simple Distributed password cracking - the brute force way

In this assignment you are to imvestigate a centralized application to crack passwords and later implement a manually distributed application to crack passwords!
Using more cores or computers should make the program run faster.The goal is to get a high speed-up: That is to see how much faster you can make the program run, compared to the centralized (non-distributed) version of the program.

Centralized (non-distributed) version of the program

The general idea is that you have a password file with usernames and password_hash_values (nicknamed encrypted passwords) separated by ":" e.g. (username:password_hash_value).

You also have a large dictionary (list of words) that users might have used as passwords. The words of the dectionary are run through a Hash Function to generate a "fingerprint"/hash_value, then this "fingerprint" is compared with each password_hash_value from the password file. If you have a match, you have found a password, now in clear text.

Some users might not use an exact word from the dictionary, but may have made some kind of change to the words (transformations), like

Here are given some examples of the changes from above (Be aware not all these transformations are implemented in the centralized version):

As can be seen from this list many users chose passwords which are more or less takes from a dictionary.

Group work

The assignment must be done in groups of 4-6 students. The students will form the groups under the supervision of the teachers.Each group must make an experiment of one main architecture. Depending on the groups motivation and time they can chose to extend and implement a supplementary architecture after the main architecture has been finished.


The centralized version project includes a dictionary "webster-dictionary". For example inside the bin/debug in the Visual studio project.

Password file

The centralized version project also includes a password file. Each line in the file contains username + password_hash_value.
The passwords hash_values are encoded using BASE64 encoding to make them into text strings storeable in a text file.

You can actuall also try a few other dictionaries.

Getting started

To get you started you must download a centralized C# version of the password cracker or the java version centralized Java version of the password cracker and install it.


  1. Run it - and see how much time it uses running on each computer(s).
    Compare the time with CPU numbers and computer speed.

  2. Look at the program, what/where is the time bottle neck in the code.
    This you shall use in next assignment,

  3. Think of a manually controlled distributed attack.
    Do you want to split the dictionary up in parts and distribute to bots (your computer), each holding the dictionary ?
    Or do you want to split the password file and distribute to bots, each holding the password file.

  4. Implement a solution based on the distributed architecture in assignment 3.
    Start the cracking simultaneously on all computers and measure the time again.
    Write your conclusion.
    Can you give an estimation of the time function of number of bots (N).

  5. In the group discuss how to utilize the possibility of running several threads on a single computer.
    Can you re-arrange it so 4 threads each are using 25% of the dictionary ?

  6. If the group is interested you can read more about an automatically controlled distributed attack in the mandatory assignment PasswordCracking2018 on theachers home page.

Technical requirements