Dictionary / Wordlists
In addition to the provided dictionaries being great for spell-checking routines, if you have a large library of backed up files and ever forget the password you used on an archive your in for a long road ahead. Assuming an inability to discover any binary hack, and there is no alternative method, you might want to consider a Dictionary Attack as your next choice for recovery. Put simply, a Dictionary Attack is where you try a large list of previously generated words until you find one that works.
Since everyone has their own style and pattern to passwords you need to approach this with some careful planning… but here are some general-use dictionaries and word lists I found online.
you may want to consider utilizing this dictionary (and the other wordlists) as a starting point. You can then “upgrade” them by converting it to upper-case or a combination of cases subjectively depending on how you typically create your passwords. Either way, it’s a start in the right direction!
If a Dictionary Attack fails, your only option is going to be a Brute Force attack… which will take lots and i mean LOTS of time. You will need to consider every combination of lower-case/upper-case/numeric/symbol one at a time. If I recall my high school math correctly it’s the number of different characters (DC) to the power of the total number of characters (TC) in the password or DC^TC. Think about that, thats something like over 4.7 trillion combinations for an eight character password 
And thats assuming you KNOW the password is a full eight characters… otherwise its much more!
That having been said I’ve always been interested in this method since its pretty much an absolute guarantee, theoretically anyway, that it will at some point discover your old password even if it takes a thousand years with todays technology. In general though, most passwords, especially those of home users can be reasonably brute-cracked with enough know how. Large distributed systems are often if not as a rule always necessary and can help by spreading the workload, but you’ll need to have the know how to create the software, the equipment to manage it, and the network of people to help you run it.
Be very cautious about using any prebuilt “cracking” software… it takes too much time to isolate and make sure its not sending all your passwords to a hacker or doing something else that creates a huge security risk.. but if you can’t write your own software and have absolutely no other choice make sure you use an open source library with good references. Otherwise consider installing it on a virtual machine and lock it into an “island” where its on a completely different subnet or whatever.
For information on algorithums, and additional references:
Peace, and keep on coding!
No related posts.
