Dictionary list

**joke18** · 07-10-2009, 12:34 AM

I was reading one of the posts about the size of dictionary lists because I'm trying to figure out how big an 8 character password list would be with 26 characters the way I figure the math to be is 26^8 which comes out to be 209 billion bytes right? And roughly comes down to around 200 gigs?

if this is true then why is it when I create a 4 character list using all digits I end up with a 50,000 byte file because 10^4 is 10,000
is my math wrong or is there something im missing?
Thank you for the help

**purehate** · 07-10-2009, 02:22 AM

Its not the size of the file thats the problem it the amount of time it would take aircrack or cowpatty to get through it. At 50,000 pkk/s which is wht can be done with 3 or 4 high end Nvidia cards it would still take about 49 days just to get through that list.

**joke18** · 07-10-2009, 04:42 AM

49days to computer all pmk's? cause my ultimate goal is a DB but even past that i still wanna know how big of a file am i looking at

**Zaafiriel** · 07-10-2009, 12:36 PM

The reason is easy: you only calculated the number of permutations. You must multiply by the length of each one + 1 carriage return.

10^4*(4+1) = 50000

Idem with your 26^8.

**10000clouddragon** · 07-22-2009, 04:07 AM

It takes 2 bytes(16 bits) to store 1 ASCII character(if im remembering right).
26^8 Eight slots with 26 possible combos. Its HUGE. Even if you try to use airolib-ng, it would take months just to prepare the database file. However aircrack-ng will shred that db file at 20000-40000 words per sec. It will take 100 years if you dont use the database method. I was running at 50 words per sec on my 1.6g laptop BEEN THERE DONE THAT. Im currently playing with this. Im thinking break up the large txt word file into a bunch of parts, airolib-ng them and run them over a period of a month or so. And get a crap load of memory. And that doesnt even cover the possibility of uppercase letters, numbers and %$#$ chars. LOL
ttcd

**Nemis** · 07-22-2009, 07:34 AM

De Bruijn sequence - Wikipedia, the free encyclopedia, maybe compress a lot the db,
but after this, neet to change how your programm read the number, from read-line-after-line to pick-n-number-after-k-number.

**kidFromBigD** · 07-22-2009, 07:48 PM

Originally Posted by joke18

I was reading one of the posts about the size of dictionary lists because I'm trying to figure out how big an 8 character password list would be with 26 characters the way I figure the math to be is 26^8 which comes out to be 209 billion bytes right? And roughly comes down to around 200 gigs?

No, that comes to 209 billion *passphrases* each 8 characters long plus the UNIX/LINUX linefeed character.

if this is true then why is it when I create a 4 character list using all digits I end up with a 50,000 byte file because 10^4 is 10,000
is my math wrong or is there something im missing?
Thank you for the help

Originally Posted by pureh@te

Its not the size of the file thats the problem it the amount of time it would take aircrack or cowpatty to get through it. At 50,000 pkk/s which is wht can be done with 3 or 4 high end Nvidia cards it would still take about 49 days just to get through that list.

Once again, pureh@te is exactly correct. Even with speedy nVidia/ATI GPU cards running the crack, there's still plenty of number crunching just to test a single passphrase.

Let me make a suggestion germane to the OP's observation. Do not worry about creating and then storing 26^8 passphrases. Yes, that will take lots of disk space. Why not instead use crunch to create on-the-fly ?

Start here:

Code:

/pentest/passwords/crunch/crunch 8 8 abcdefghijklmnopqrstuvwxyz -t a@@@@@@@

Watch as this runs. If your eyes were fast, you noticed it started at:

Code:

aaaaaaaa
aaaaaaab
aaaaaaac

...and finished at:

Code:

azzzzzzx
azzzzzzy
azzzzzzz

If you intend to brute-force your way thru 26^8 passphrases, use crunch to passthrough output to pyrit and then to cowpatty. But do this in short increments. Start with all possible passhrases beginning with letter a:

Code:

crunch 8 8 abcdefghijklmnopqrstuvwxyz -t a@@@@@@@ | pyrit -e NETGEAR -f - passthrough | cowpatty -d - -r wpa-01.cap -s NETGEAR

Note: the above command assumes your PATH variable includes /pentest/passwords/crunch and /pentest/wireless/cowpatty

If you do not find the passphrase there, start with the letter b:

Code:

crunch 8 8 abcdefghijklmnopqrstuvwxyz -t b@@@@@@@ | pyrit -e NETGEAR -f - passthrough | cowpatty -d - -r wpa-01.cap -s NETGEAR

And so on and so on until you're old and decrepit.

Bonus: In my testing, I've found that crunch saves your system from having to read the password file from disk, saving you precious CPU cycles. It's actually faster!

Be warned: Brute-forcing your way thru 26^8 passphrases takes a long, long time. You will need to document what you've attempted to keep from doing it again, so keep a log.

Conclusion: If you care to save disk space, use crunch.

Comments? Questions? I hope that was clear.

Dooms_day · 07-22-2009, 09:23 PM

you wouldnt make a password list (txt file) to hold every combination of passwords 8 chars long, this is what rainbow tables are for

**kidFromBigD** · 07-22-2009, 10:19 PM

Originally Posted by Dooms_day

you wouldnt make a password list (txt file) to hold every combination of passwords 8 chars long, this is what rainbow tables are for

Even better, you never have to store the rainbow tables since they are computed on-the-fly. In my post above, this is exactly what I'm advocating

BackTrack Linux - Penetration Testing Distribution

Thread: Dictionary list

Thread Tools

Search Thread

Display

Dictionary list

bytes bits and stuff

Posting Permissions