Results 1 to 9 of 9

Thread: Dictionary list

  1. #1
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    7

    Default Dictionary list

    I was reading one of the posts about the size of dictionary lists because I'm trying to figure out how big an 8 character password list would be with 26 characters the way I figure the math to be is 26^8 which comes out to be 209 billion bytes right? And roughly comes down to around 200 gigs?

    if this is true then why is it when I create a 4 character list using all digits I end up with a 50,000 byte file because 10^4 is 10,000
    is my math wrong or is there something im missing?
    Thank you for the help

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    Its not the size of the file thats the problem it the amount of time it would take aircrack or cowpatty to get through it. At 50,000 pkk/s which is wht can be done with 3 or 4 high end Nvidia cards it would still take about 49 days just to get through that list.

  3. #3
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    7

    Default

    49days to computer all pmk's? cause my ultimate goal is a DB but even past that i still wanna know how big of a file am i looking at

  4. #4
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    22

    Default

    The reason is easy: you only calculated the number of permutations. You must multiply by the length of each one + 1 carriage return.

    10^4*(4+1) = 50000

    Idem with your 26^8.

  5. #5
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    1

    Default bytes bits and stuff

    It takes 2 bytes(16 bits) to store 1 ASCII character(if im remembering right).
    26^8 Eight slots with 26 possible combos. Its HUGE. Even if you try to use airolib-ng, it would take months just to prepare the database file. However aircrack-ng will shred that db file at 20000-40000 words per sec. It will take 100 years if you dont use the database method. I was running at 50 words per sec on my 1.6g laptop BEEN THERE DONE THAT. Im currently playing with this. Im thinking break up the large txt word file into a bunch of parts, airolib-ng them and run them over a period of a month or so. And get a crap load of memory. And that doesnt even cover the possibility of uppercase letters, numbers and %$#$ chars. LOL
    ttcd

  6. #6
    Senior Member
    Join Date
    Jan 2009
    Posts
    114

    Default

    De Bruijn sequence - Wikipedia, the free encyclopedia, maybe compress a lot the db,
    but after this, neet to change how your programm read the number, from read-line-after-line to pick-n-number-after-k-number.
    acer 5920g , 345abg , nvidia 8600m
    bt5 kde 64bit + acpi + cuda 4.0 / nvidia 270.40 / pyrit

  7. #7
    Senior Member kidFromBigD's Avatar
    Join Date
    Jan 2010
    Location
    Texas
    Posts
    159

    Default

    Quote Originally Posted by joke18 View Post
    I was reading one of the posts about the size of dictionary lists because I'm trying to figure out how big an 8 character password list would be with 26 characters the way I figure the math to be is 26^8 which comes out to be 209 billion bytes right? And roughly comes down to around 200 gigs?
    No, that comes to 209 billion *passphrases* each 8 characters long plus the UNIX/LINUX linefeed character.
    if this is true then why is it when I create a 4 character list using all digits I end up with a 50,000 byte file because 10^4 is 10,000
    is my math wrong or is there something im missing?
    Thank you for the help
    Quote Originally Posted by pureh@te View Post
    Its not the size of the file thats the problem it the amount of time it would take aircrack or cowpatty to get through it. At 50,000 pkk/s which is wht can be done with 3 or 4 high end Nvidia cards it would still take about 49 days just to get through that list.
    Once again, pureh@te is exactly correct. Even with speedy nVidia/ATI GPU cards running the crack, there's still plenty of number crunching just to test a single passphrase.

    Let me make a suggestion germane to the OP's observation. Do not worry about creating and then storing 26^8 passphrases. Yes, that will take lots of disk space. Why not instead use crunch to create on-the-fly ?

    Start here:

    Code:
    /pentest/passwords/crunch/crunch 8 8 abcdefghijklmnopqrstuvwxyz -t a@@@@@@@
    Watch as this runs. If your eyes were fast, you noticed it started at:
    Code:
    aaaaaaaa
    aaaaaaab
    aaaaaaac
    ...and finished at:
    Code:
    azzzzzzx
    azzzzzzy
    azzzzzzz
    If you intend to brute-force your way thru 26^8 passphrases, use crunch to passthrough output to pyrit and then to cowpatty. But do this in short increments. Start with all possible passhrases beginning with letter a:
    Code:
    crunch 8 8 abcdefghijklmnopqrstuvwxyz -t a@@@@@@@ | pyrit -e NETGEAR -f - passthrough | cowpatty -d - -r wpa-01.cap -s NETGEAR
    Note: the above command assumes your PATH variable includes /pentest/passwords/crunch and /pentest/wireless/cowpatty

    If you do not find the passphrase there, start with the letter b:
    Code:
    crunch 8 8 abcdefghijklmnopqrstuvwxyz -t b@@@@@@@ | pyrit -e NETGEAR -f - passthrough | cowpatty -d - -r wpa-01.cap -s NETGEAR
    And so on and so on until you're old and decrepit.

    Bonus: In my testing, I've found that crunch saves your system from having to read the password file from disk, saving you precious CPU cycles. It's actually faster!

    Be warned: Brute-forcing your way thru 26^8 passphrases takes a long, long time. You will need to document what you've attempted to keep from doing it again, so keep a log.

    Conclusion: If you care to save disk space, use crunch.

    Comments? Questions? I hope that was clear.
    You. Are. Doing. It. Wrong.
    -Gitsnik

  8. #8
    Dooms_day
    Guest

    Default

    you wouldnt make a password list (txt file) to hold every combination of passwords 8 chars long, this is what rainbow tables are for

  9. #9
    Senior Member kidFromBigD's Avatar
    Join Date
    Jan 2010
    Location
    Texas
    Posts
    159

    Default

    Quote Originally Posted by Dooms_day View Post
    you wouldnt make a password list (txt file) to hold every combination of passwords 8 chars long, this is what rainbow tables are for
    Even better, you never have to store the rainbow tables since they are computed on-the-fly. In my post above, this is exactly what I'm advocating
    You. Are. Doing. It. Wrong.
    -Gitsnik

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •