Cardinal product dictionary attack
I am wondering if anyone has ever heard of or used a program that does password cracking using the cardinal product of the dictionary. I think that such an attack would yield a lot of passwords that straight dictionary attacks miss.
Anyone familiar with Set Theory probably knows what about about to say but in case you're not, here's what I mean by a cardinal product dictionary attack. The cardinal product of a set (1,2,3) and (4,5,6) a set of pairs ((1,4),(1,5),(1,6),(2,4),(2,5),(2,6),(3,4),(3,5),( 3,6)). Imagine you have a dictionary that looks something like this.
Password crackers will crack the password if it's one of those three words. But what if your password is "kingtut" or "kingkong"? You'd need to put those in the dictionary as well. I think that the entire list of short phrases likes these are hard to predict so cardinal producting the dictionary with itself for two-word phrases or taking the cardinal product with the result of that for three word phrases be a big gain.
Efficiency I realize is going to tank if you do this but I am thinking of it as an alternative to going straight to incremental searches after the dictionary attack with mangling rules fails.
Does anyone think this exists already? I could write this myself really easily. I've written a quick script that pre-processes my dictionary file into a the original dictionary, dictionaryXdictionary, and dictionaryXdictionaryXdictionary. It's a very simple script and it doesn't really have the plethora of knowledge that Cain or John have about tuning the efficiency. I suppose efficiency isn't too important when it comes to producing the file. But I just wonder if I'm duplicating effort here.
Good friend of the forums
I have thought about this kind of attack too, Why dont you quickly write a program to take a word list and add the strings and write to another file
Although if you have a massive wordlist already, you are significantly increasing the amount of words n!(n-2)!
if you have a word list of 40 using the above formula you are increasing your wordlist to roughly 15000 words!
Originally Posted by calypso
so n:=40 --> 3 200 #Still a lot
n:=1E6--> 2E12 # Thats 2 Trillion words !
if the average length for a word is 10 then the password list would be 40TB long !
take a simple example ie I have 4 words a,b,c,d
possible combinations are
total combo = 12
now if you use my formula n!/(n-2)! = 12 - correct
your formula 2*4^2 = 32 - wrong
Is it cardinal product or cartesian product or cross product or cross joining
using X=A * B(A and B is relations)
and the final relation would be having n * m tuples from both the source relations.if table A is having 2 columns and B is having 1 column
If A is having 3 rows and B is having 2 rows then
final relation would be having 3 columns and 6 rows.
123 and 456
it depend on the way you do it
the way dskippy did it, is cartesian product, I did that as well
and with k dimmention it would be