Thoughtcataloges

Hacker claims he can crack eAadhaar password in under 3 seconds

Aadhaar has become quite the buzzword these days, and particularly since Telecom Regulatory Authority of India (TRAI) chief RS Sharma caused a furor by revealing his Aadhaar number on Twitter. Ever since Sharma pulled the stunt to prove that Aadhaar was safe and secure, people on social media are trying to prove him wrong. In latest such effort, a hacker called Somdev Sangwan has claimed that he can crack the password of eAadhaar in less than 3 seconds. And to prove his point, he has detailed his methodology in a blog post.

Sangwan in a blog post on Noteworthy has claimed that he can crack the eAadhaar password in just 3 seconds! In case you are wondering how he achieves such a feat, the answer, as he says is simple: using some basic mathematics and clever algorithms that can cycle through the possible password combinations very fast.

Sangwan uses the classic brute force password cracking method, but cleverly prunes the dictionary of possible password combinations that his algorithms will use to crack the eAadhaar password to shorten the duration the whole exercise will take.

In his blog post, Sangwan explains that the Aadhaar password is the combination of the first four letters of a person's name in upper case and his year of birth. Given that data, the total number of combinations possible is 2821109907456, which will take around 92 years to for a person to crack a password if one tries 1000 combinations per second.

But no one has that much time. So, Sangwan has come up with a different method. He reduces the duration required to go through the possible password combinations to 53 days by breaking down the password into two strings. But 53 days is a time period too long to dedicate for cracking a password. And so, he further reduces the time duration to 13 hours by eliminating the years that aren't valid for the possible password. For example no one born before 1910 is likely to have Aadhaar number.

To this then he adds a dictionary of popular Indian names, giving the password crunching algorithms even a narrower focus and thereby reduces the time duration to around 2 minutes and 39.8 seconds.

If you think you can't go lower than that, think again as the hacker then goes on to explain how you can crack the password in just 1.73 seconds by further dividing the names into groups based on popularity and religion.

If his calculations are accurate, one should be able to crack eAadhaar password in a blink of an eye (literally).

This is not the first time that hackers have made such claims. Back in March this year, French security researcher Elliot Alderson shared a video demonstrating how it was possible to bypass the protection on Aadhaar's Android app in one minute.

Alderson is one of the strongest critics of Aadhaar and time and again he has pointed out vulnerabilities in the Aadhaar system.