Fun with math

7 posts by 4 authors in: Forums > CWNA - Enterprise Wi-Fi Admin
Last Post: July 27, 2004:
  • By (Deleted User)

    I've been going over the math used in determining numbers of password possibilities and file sizes related to brute force dictionaries (such as those that might be used to run against the Asleap hacker tool). Here's an example I created to explain brute dictionary sizes.

    Let's say a user selects a 3 character password (let's call this "C") from the characters "0" and "1". That's 2 ASCII characters (let's call this "A") possible per password character. That equals 2A^3C = 8 total passwords (let's call this "T") which are:

    000
    001
    010
    011
    100
    101
    110
    111

    Simple binary math, right? 2^3=8, thus we create our formula: A^C = T

    Say a user selects a 6 character password (C) from the characters "a-z", "A-Z", and "0-9". That's 26+26+10=62 ASCII characters (A) possible per password character. Using our formula, 62A^6C = 56,800,235,584T.

    If you were creating a brute force dictionary file, the file would be, in bytes, approximately the number of passwords times 5 (don't ask me why this number works but it's pretty accurate when compared to what a password generator creates).

    A file with every combination of 6C (62A^6C = 5.68*10^10) would consume about 2.84*10^11 bytes, or about 284GB of disk space (assuming no compression). With a 300:1 compression ratio, the expected size of this dictionary would be about 946MB in size.

    If we extrapolate that to an 8C password, we get 62A^8C = 2.18*10^14T or over 200 trillion possibilities. The comprehensive dictionary file would be 1.09*10^15 bytes or about 3.64*10^12 bytes (3.6 terabytes) when compressed at 300:1.

    If a 14C password is used with 94A (using extended chars, numerics, and upper and lower case alphas), you get 4.2*10^27 possibilities. The file would be 2.1*10^28 bytes uncompressed and 7*10^25 bytes compressed at 300:1. That's pretty big.

    Needless to say, strong passwords are important.

    Joel

  • I've been building a 6-character alphanumeric dictionary with upper and lower case and numbers for an entire day. It's up to 12GB now, and from your calculations, my hard drive isn't going to be big enough. I'm going to go snag a 300GB drive just for this project. I'll zip'em up and move'em over to my smaller drives when they're done. I've been running a 10 digit numbers only dictionary since last week. It's at 115GB now and I'm about 2 GB from being out of drive space. (10^10)*5=50GB from my calculations. I can't figure out why this thing is so big using your formula.

  • How did our dictionary project turn out?

  • Need a much bigger drive. After running for a week, it was about 10-20GB shy. I'm going to have to get that 300GB drive soon. By the way, asleap only handles files up to 4GB, and only up to 1GB with the index file. Trying to get the author to update it for bigger dictionaries, but he hasn't had time thus far.

  • Devin:

    What program are you using to create the dictionary file? Something "off the shelf" or something that you whipped up? If off the shelf, I'd like to go find it and add it to my toolbox.

    Thanks!

  • This is a piece of freeware I found on the web somewhere. I have several, but this one is the best one I've seen. I'll get it to you.

  • Devin:

    Thanks! I appreciate it! You can send it to either my work or home email address... whichever you have. If you need it again, just let me know. Or it should be in my profile here.

    Thanks again!
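
Added example, not part of the original thread: the first post's A^C = T formula in Python, with the file size computed as one line per candidate (C bytes plus a line terminator) instead of the "times 5" rule of thumb. It assumes single-byte characters and one password per line; all function names are illustrative.

```python
import math

def keyspace(alphabet_size, length):
    """T = A^C: count of passwords of exactly `length` characters."""
    if alphabet_size < 1 or length < 1:
        raise ValueError("alphabet_size and length must be positive")
    return alphabet_size ** length

def entropy_bits(alphabet_size, length):
    """Search space in bits for a uniformly random password: C * log2(A)."""
    return length * math.log2(alphabet_size)

def wordlist_bytes(alphabet_size, length, terminator=1):
    """Uncompressed size of a one-candidate-per-line file.

    Assumption: single-byte characters; terminator is 1 for LF, 2 for CRLF.
    """
    return keyspace(alphabet_size, length) * (length + terminator)

def human(n):
    """Format a byte count in decimal units (1 GB = 10^9 bytes)."""
    for unit in ("B", "KB", "MB", "GB", "TB", "PB"):
        if n < 1000:
            return f"{n:.1f} {unit}"
        n /= 1000
    return f"{n:.3g} EB"

# (label, A, C) for the cases discussed in the thread
CASES = [("0-1", 2, 3), ("0-9", 10, 10), ("a-zA-Z0-9", 62, 6),
         ("a-zA-Z0-9", 62, 8), ("94 printable", 94, 14)]

def report():
    """One row per case: keyspace, bits, exact LF/CRLF size, and T*5."""
    rows = []
    for label, a, c in CASES:
        t = keyspace(a, c)
        rows.append({"label": label, "C": c, "T": t,
                     "bits": entropy_bits(a, c),
                     "lf": wordlist_bytes(a, c, 1),
                     "crlf": wordlist_bytes(a, c, 2),
                     "times5": t * 5})
    return rows

if __name__ == "__main__":
    for r in report():
        print(f"{r['label']:>13} C={r['C']:<2} T={r['T']:.3e} "
              f"{r['bits']:5.1f} bits  LF={human(r['lf'])}  "
              f"CRLF={human(r['crlf'])}  T*5={human(r['times5'])}")
```

Under these assumptions the 10-digit numeric list from the second post comes to 110 GB with LF line endings and 120 GB with CRLF, and the per-line cost grows with C, so a fixed multiplier of 5 only fits short passwords.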
