Prog: Stringen 1.2 (Python 3.3.2) Type: Dictionary/wordlist/password generator. ————————————————————————————————————————— Author: Nicolai Lessel E-mail: firstname.lastname@example.org Date: Oct 2, 2013 - Aug 23, 2014
Feedback is welcome at the e-mail address provided.
Sections: I. Background II. Instructions III. Examples IV. Wish List V. Version history VI. License agreement
It all began, when one day, I went to open a RAR file that I had created some time ago, only to realize that I had forgotten the password.
Things I knew about the RAR password: 1. the password was long (more than 12 characters), so brute force was out of the question. 2. the password was created from several words and numbers (my guess was 3-4). 3. the words (at least some of them), used in making the password are most likely NOT to be found in a dictionary.
So, with this knowledge, brute force and regular dictionary attack was a no go. What I was able to do, was to put together a list of around 15-20 words and numbers, which I believed could be part of the password. Although this was great, I quickly became aware, that I had no idea of how many of these words and numbers were combined, to form the password. I quickly did the math on how many possible passwords could be created when using a list of just 15-20 words, stringing anything from 2 to 5 of them together at a time, to make the password. It was way more than I cared to do by hand..lol. I looked around on the net in an attempt to find a program that would do this for me, but no luck. Some were very close, but not what I really needed. So, the only solution left was to write the program myself.
The input (in.txt) would consist of a list of words and numbers, the ones I remember having used in the past to create passwords. The output (out.txt) would be a list of generated passwords (all possible combinations of the items in the in.txt file), which could then be used in a dictionary attack.
I have limited programming experience using Pascal and C++, but recently discovered Python and thought I’d give it a go. So after digging into Python, I started writing this program.
To make a long story short, the program works! I got my list created, used it in a dictionary attack and was able to recover the contents of my RAR file.
I decided to make this program available to everyone, because there is nothing more frustrating, than having that file in front of you and ‘almost’ remembering the password.
I used Python 3.3.2. I tested this program with Python 2.7.5 and received errors. I now know that I probably should have written it for Python 2.7 for better compatibility. Sorry for that oversight, I’m a neewb ;-)
- The program expects a file ‘in.txt’ to be located in same folder as the program itself.
- This ‘in.txt’ file contains the words and/or numbers that you want to use.
- Use one word/number/item per line, starting with the first line.
- Use Notepad or similar to edit the ‘in.txt’ file.
- Make sure that there are no spaces or other formatting after the last item/line. One way to ensure this is to press DEL key at the end of the last item, thereby deleting anything below or after this point.
- If spaces are needed in the passwords, then a space can be added as an item on one of the lines. So, instead of writing your word/number on one of the lines, just press the spacebar and then ENTER for the next line.
- Output file will be ‘out.txt’ in same folder as program.
The time it takes the program to generate the passwords varies greatly. A setting of 4 items (concatenation), with 22 items in the ‘in.txt’ file takes my computer around 6 seconds. Going from 4 items to 5, will increase the time quite a bit and even longer going to 6 items.
Times, number of passwords generated and resulting file size using the included ‘in.txt’ file:
22 items/lines, setting 3: ca. 1 second, passwords 11,154, output file size 192KB 22 items/lines, setting 4: ca. 6 seconds, passwords 245,410, output file size 5.26MB 22 items/lines, setting 5: 1min 56sec, passwords 5,399,042, output file size 142MB 22 items/lines, setting 6: 43min 20sec, passwords 118,778,946, output file size 3.63GB
As can be seen from the numbers, start with a low setting.
When generating 5.4M passwords, I get an average of 52000 passwords per second.
IV. Wish List
- Multi-core CPU and GPU support
- Stat: time spent generating passwords and passwords per second. Added in ver. 1.2
- Estimated output file size
- Progress indicator. Added in ver. 1.2
- Stat: length of longest password generated. Added in ver. 1.2
V. Version history
See included “CHANGES.txt”
VI. License agreement
Copyright (C) 2013-2014 Nicolai Lessel
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.