1. ## Dictionary list

I was reading one of the posts about the size of dictionary lists because I'm trying to figure out how big an 8 character password list would be with 26 characters the way I figure the math to be is 26^8 which comes out to be 209 billion bytes right? And roughly comes down to around 200 gigs?

if this is true then why is it when I create a 4 character list using all digits I end up with a 50,000 byte file because 10^4 is 10,000
is my math wrong or is there something im missing?
Thank you for the help

2. Its not the size of the file thats the problem it the amount of time it would take aircrack or cowpatty to get through it. At 50,000 pkk/s which is wht can be done with 3 or 4 high end Nvidia cards it would still take about 49 days just to get through that list.

3. 49days to computer all pmk's? cause my ultimate goal is a DB but even past that i still wanna know how big of a file am i looking at

4. The reason is easy: you only calculated the number of permutations. You must multiply by the length of each one + 1 carriage return.

10^4*(4+1) = 50000

5. ## bytes bits and stuff

It takes 2 bytes(16 bits) to store 1 ASCII character(if im remembering right).
26^8 Eight slots with 26 possible combos. Its HUGE. Even if you try to use airolib-ng, it would take months just to prepare the database file. However aircrack-ng will shred that db file at 20000-40000 words per sec. It will take 100 years if you dont use the database method. I was running at 50 words per sec on my 1.6g laptop BEEN THERE DONE THAT. Im currently playing with this. Im thinking break up the large txt word file into a bunch of parts, airolib-ng them and run them over a period of a month or so. And get a crap load of memory. And that doesnt even cover the possibility of uppercase letters, numbers and %\$#\$ chars. LOL
ttcd

6. De Bruijn sequence - Wikipedia, the free encyclopedia, maybe compress a lot the db,

7. Originally Posted by joke18
I was reading one of the posts about the size of dictionary lists because I'm trying to figure out how big an 8 character password list would be with 26 characters the way I figure the math to be is 26^8 which comes out to be 209 billion bytes right? And roughly comes down to around 200 gigs?
No, that comes to 209 billion *passphrases* each 8 characters long plus the UNIX/LINUX linefeed character.
if this is true then why is it when I create a 4 character list using all digits I end up with a 50,000 byte file because 10^4 is 10,000
is my math wrong or is there something im missing?
Thank you for the help
Originally Posted by pureh@te
Its not the size of the file thats the problem it the amount of time it would take aircrack or cowpatty to get through it. At 50,000 pkk/s which is wht can be done with 3 or 4 high end Nvidia cards it would still take about 49 days just to get through that list.
Once again, pureh@te is exactly correct. Even with speedy nVidia/ATI GPU cards running the crack, there's still plenty of number crunching just to test a single passphrase.

Let me make a suggestion germane to the OP's observation. Do not worry about creating and then storing 26^8 passphrases. Yes, that will take lots of disk space. Why not instead use crunch to create on-the-fly ?

Start here:

Code:
`/pentest/passwords/crunch/crunch 8 8 abcdefghijklmnopqrstuvwxyz -t a@@@@@@@`
Watch as this runs. If your eyes were fast, you noticed it started at:
Code:
```aaaaaaaa
aaaaaaab
aaaaaaac```
...and finished at:
Code:
```azzzzzzx
azzzzzzy
azzzzzzz```
If you intend to brute-force your way thru 26^8 passphrases, use crunch to passthrough output to pyrit and then to cowpatty. But do this in short increments. Start with all possible passhrases beginning with letter a:
Code:
`crunch 8 8 abcdefghijklmnopqrstuvwxyz -t a@@@@@@@ | pyrit -e NETGEAR -f - passthrough | cowpatty -d - -r wpa-01.cap -s NETGEAR`
Note: the above command assumes your PATH variable includes /pentest/passwords/crunch and /pentest/wireless/cowpatty

If you do not find the passphrase there, start with the letter b:
Code:
`crunch 8 8 abcdefghijklmnopqrstuvwxyz -t b@@@@@@@ | pyrit -e NETGEAR -f - passthrough | cowpatty -d - -r wpa-01.cap -s NETGEAR`
And so on and so on until you're old and decrepit.

Bonus: In my testing, I've found that crunch saves your system from having to read the password file from disk, saving you precious CPU cycles. It's actually faster!

Be warned: Brute-forcing your way thru 26^8 passphrases takes a long, long time. You will need to document what you've attempted to keep from doing it again, so keep a log.

Conclusion: If you care to save disk space, use crunch.

Comments? Questions? I hope that was clear.

8. you wouldnt make a password list (txt file) to hold every combination of passwords 8 chars long, this is what rainbow tables are for

9. Originally Posted by Dooms_day
you wouldnt make a password list (txt file) to hold every combination of passwords 8 chars long, this is what rainbow tables are for
Even better, you never have to store the rainbow tables since they are computed on-the-fly. In my post above, this is exactly what I'm advocating

#### Posting Permissions

• You may not post new threads
• You may not post replies
• You may not post attachments
• You may not edit your posts
•