| krungkuene.org krung | published: 02.09.02 |
How much time does it need to hack a Unix/Linux/Mac OS X password?
I wrote a small Perl script which computes how much time it needs to test all possible combinations (incremental, brute force).
Wordlists
Another possibility, which you should try first, is to work with wordlists.
I tried that too and I made a large wordlist (English), compiling all the wordlists I found on the net. There are some wrong words in it, but with today's computer resources it is nevertheless done in minutes. On my computer it took 18 seconds for one password!
Download wordlists
english.lst.zip (1 450 000 words, zipped: 4.8 MB, unpacked : 15.7 MB)
Or the site of elcomsoft.com has various large wordlists in different languages; some are very dirty too. Take a look at the head and the tail of the English wordlist which I found there.
head_english.txt (3000 words, 38 K) tail_english.txt (3000 words, 29 K)
In addition, with a self-made Perl script I compiled all the wordlists from elcomsoft together with my wordlist and created a multilingual wordlist.
multilingual.lst.zip (4 450 000 words, zipped: 12 MB, unpacked : 44 MB)
perlscript for creating wordlists:
My Perl script for compiling wordlists out of text files; it needs some shell commands (Linux, Cygwin).
text2list.pl (2K) text2list.pl.zip (1K) howto
And a very simple script to count the lines, or rather the words, in a wordlist:
linecount.pl (1K) linecount.pl.zip (1K)
command for john:
And finally, the command to start john with a wordlist:
john -w:english.lst pw_file
Brute Force:
With my computer (800 MHz, Win98SE) and the password hack application which I use, John, I get 40 000 combinations per second (62 different characters and 8 digits with 40 000 combinations per second).
Alphanumeric passwords (small letters, capitals and numbers) have 62 different characters, and the password has 8 digits, so there are 62 to the power of 8 combinations. But here is my
Perlscript:
computerzeit.pl (4K) computerzeit.pl.zip (2K)
start command:
perl computerzeit.pl 62 8 40000
output:
----------- INFO ------------------------------------------
There are 218 340 105 584 896 differently combinations.
Es gibt 218 340 105 584 896 verschieden Kombinationen.
With 40 000 combinations per second it needs :
Bei 40 000 Kombinationen pro Sekunde braucht es :
5 458 502 639 seconds / Sekunden
1 516 250 hours / Stunden
63 177 days / Tagen
9 025 weeks / Wochen
177 years / Jahre
To save all this combinations on harddisk it needs :
Um all diese Kombinationen zu speicher braucht es :
2 643 485 GigaBytes
2 581 TeraBytes
----------------------------------------------------------
Conclusion
It takes 177 years to calculate all combinations, much too much time. But in addition, it means to me that if I do not select words as passwords, but abstract combinations of signs, my box is safe.
Save all passwords on a disk ?
I had the idea, too, to calculate everything one time and store the raw password as well as the encrypted password on a disk. Then you would have to enter only the encrypted password and you would get the associated password with no computing at all. But it needs too much space: 2 581 TeraBytes.
Saving to disk would only be possible for small letters and numbers (36 characters) and six digits.
31 096 seconds / Sekunden
8 hours / Stunden
To save all this combinations on harddisk it needs :
Um all diese Kombinationen zu speicher braucht es :
26 GigaBytes
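The arithmetic behind the time and storage figures above, as an added example in Python (it is not the author's computerzeit.pl, whose source is not shown on this page). It goes beyond the page by also counting all shorter passwords and by finding the shortest length whose average-case search lasts a year; the 13 bytes per table entry (one traditional crypt(3) DES hash) is an assumption that reproduces the page's storage figures, and the faster guessing rate is a constructed value.

```python
# Added example (not computerzeit.pl): keyspace, search time, table size.
UNITS = {"hours": 3600, "days": 86400, "weeks": 604800}
YEAR = 365 * 86400
ENTRY_BYTES = 13  # assumption: one 13-character crypt(3) DES hash per entry


def keyspace(charset, length, up_to=False):
    """Candidates of exactly `length` chars, or of every length 1..length."""
    if up_to:
        return sum(charset ** n for n in range(1, length + 1))
    return charset ** length


def search_time(charset, length, rate, up_to=False):
    """Worst case (whole keyspace tried) in seconds and in larger units."""
    seconds = keyspace(charset, length, up_to) // rate
    result = {"seconds": seconds}
    result.update({unit: seconds // size for unit, size in UNITS.items()})
    return result


def table_size_gib(charset, length, entry_bytes=ENTRY_BYTES):
    """GiB needed to store one entry per candidate of exactly `length` chars."""
    return keyspace(charset, length) * entry_bytes // 2 ** 30


def min_length(charset, rate, min_seconds):
    """Shortest length whose average search (half the keyspace, all
    shorter lengths included) lasts at least `min_seconds`."""
    length = 1
    while keyspace(charset, length, up_to=True) < 2 * rate * min_seconds:
        length += 1
    return length


if __name__ == "__main__":
    t = search_time(62, 8, 40_000)
    print(f"62^8 = {keyspace(62, 8):,} candidates: "
          f"{t['seconds']:,} s = {t['days']:,} days")
    print(f"table for 62 chars / 8: {table_size_gib(62, 8):,} GiB, "
          f"for 36 chars / 6: {table_size_gib(36, 6)} GiB")
    # 40 000/s is the page's rate; the second rate is a constructed value
    # standing in for hardware a million times faster.
    for rate in (40_000, 40_000_000_000):
        print(f"{rate:,}/s: length {min_length(62, rate, YEAR)} "
              f"needed for a one-year average search")
```

The required length grows only with the logarithm of the guessing rate, so a million-fold faster attacker costs the defender a few extra characters rather than a different kind of password.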
command for john:
john -i:alpha pw_file
Running john: press the spacebar for output.
note :
perl function: eval()
If I call the function space_num with an argument like this:
space_num(int(666.999))
I get a compiler error, but if I call it like this:
space_num(eval(int(777.888)))
there is no problem anymore, because eval() forces the compiler to first compile the stuff inside eval().