Results 1 to 7 of 7

Thread: Cardinal product dictionary attack

  1. #1
    Just burned his ISO
    Join Date
    Aug 2008
    Posts
    3

    Default Cardinal product dictionary attack

    I am wondering if anyone has ever heard of or used a program that does password cracking using the cardinal product of the dictionary. I think that such an attack would yield a lot of passwords that straight dictionary attacks miss.

    Anyone familiar with Set Theory probably knows what about about to say but in case you're not, here's what I mean by a cardinal product dictionary attack. The cardinal product of a set (1,2,3) and (4,5,6) a set of pairs ((1,4),(1,5),(1,6),(2,4),(2,5),(2,6),(3,4),(3,5),( 3,6)). Imagine you have a dictionary that looks something like this.

    king
    tut
    kong

    Password crackers will crack the password if it's one of those three words. But what if your password is "kingtut" or "kingkong"? You'd need to put those in the dictionary as well. I think that the entire list of short phrases likes these are hard to predict so cardinal producting the dictionary with itself for two-word phrases or taking the cardinal product with the result of that for three word phrases be a big gain.

    Efficiency I realize is going to tank if you do this but I am thinking of it as an alternative to going straight to incremental searches after the dictionary attack with mangling rules fails.

    Does anyone think this exists already? I could write this myself really easily. I've written a quick script that pre-processes my dictionary file into a the original dictionary, dictionaryXdictionary, and dictionaryXdictionaryXdictionary. It's a very simple script and it doesn't really have the plethora of knowledge that Cain or John have about tuning the efficiency. I suppose efficiency isn't too important when it comes to producing the file. But I just wonder if I'm duplicating effort here.

    -mike

  2. #2

  3. #3
    Member
    Join Date
    Mar 2008
    Posts
    111

    Default

    I have thought about this kind of attack too, Why dont you quickly write a program to take a word list and add the strings and write to another file

    Although if you have a massive wordlist already, you are significantly increasing the amount of words n!(n-2)!

    if you have a word list of 40 using the above formula you are increasing your wordlist to roughly 15000 words!

  4. #4
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    15

    Default

    Quote Originally Posted by calypso View Post
    I have thought about this kind of attack too, Why dont you quickly write a program to take a word list and add the strings and write to another file

    Although if you have a massive wordlist already, you are significantly increasing the amount of words n!(n-2)!

    if you have a word list of 40 using the above formula you are increasing your wordlist to roughly 15000 words!
    nope 2*n^2
    so n:=40 --> 3 200 #Still a lot
    n:=1E6--> 2E12 # Thats 2 Trillion words !
    if the average length for a word is 10 then the password list would be 40TB long !

  5. #5
    Member
    Join Date
    Mar 2008
    Posts
    111

    Default

    @MasGUi

    take a simple example ie I have 4 words a,b,c,d

    possible combinations are

    ab
    ac
    ad
    ba
    bc
    bd
    ca
    cb
    cd
    da
    db
    dc
    -------

    total combo = 12

    now if you use my formula n!/(n-2)! = 12 - correct

    your formula 2*4^2 = 32 - wrong

  6. #6
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    在這兩者之間 BackTrack是4 FwdTrack4
    Posts
    854

    Thumbs up

    Is it cardinal product or cartesian product or cross product or cross joining
    using X=A * B(A and B is relations)
    and the final relation would be having n * m tuples from both the source relations.if table A is having 2 columns and B is having 1 column
    If A is having 3 rows and B is having 2 rows then
    final relation would be having 3 columns and 6 rows.

  7. #7
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    15

    Default

    123 and 456
    ((1,4),(1,5),(1,6),(2,4),(2,5),(2,6),(3,4),(3,5),( 3,6))
    ((4,1),(5,1),(6,1),(4,2),(5,2),(6,2),(4,3),(5,3),( 6,3))
    n=18


    2*3^2=18
    correct

    it depend on the way you do it

    the way dskippy did it, is cartesian product, I did that as well

    farewell

    and with k dimmention it would be

    k*n^k

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •