> -----Original Message-----
> From: Stut [mailto:[EMAIL PROTECTED] 
> Sent: Sunday, May 20, 2007 8:45 AM
> To: Lasitha Alawatta
> Lasitha Alawatta wrote:
> > I’m going to create all key combinations; simple-letter 
> passwords and 
> > store those in to MySql DB.
> > 
> > Using = a-z (simple letters)
> > 
> > Password length = 6
> > 
> > Number of possibilities = 26 x 26 x 26 x 26 x 26 x 26 = 308,915,776
> > 
> > This is my code:
> > 
> > <?php
> >       for($i=0;$i< 500000000;$i++){
> >             $arrPwd[] = createPwd();
> >       }
> > 
> >       $arrUniqueData = array_unique($arrPwd);
> > 
> >       foreach($arrUniqueData as $key=>$val){
> >             // Inserting to DB
> > }
> > 
> >       function createPwd() {
> >             $lower = "abcdefghijklmnopqrstuvwxyz";
> >             $seed_length += 26;
> >             $seed .= $lower;
> >            
> >             for($x=1;$x<=6;$x++){
> >                   $ strPwd.= $seed{rand(0,$seed_length-1)};
> >             }
> >             return($strPwd);
> >       }
> > ?>
> > 
> > What is the easiest way to get my output?
> > 
> >    1. Because above code will stuck the PC (for($i=0;$i< 
> 500000000;$i++){).
> >    2. I use 500000000 instead of 308915776, because 
> createPwd() function
> >       will duplicating the password.
> > 
> > Suggesting, comments, code samples are highly appreciate.
> The only reason I can see to do such a thing is to build a 
> brute-force 
> password cracker, and seeing as you're not smart enough to 
> realise that 
> you can do so incrementally instead of randomly, I don't see 
> much reason 
> to help you.
> -Stut

You make quite an assumption there Stut. I don't know the OP and can't say if 
his intentions are pure or malicious. 

However, I work for a network security company 
(http://www.LockdownNetworks.com), and as part of our product, we have a 
password cracker. It hammers away on ssh, telnet, windows shares, etc. and 
tries to get in, using all combinations of usernames
(some entered by the administrator), and others from a common pool. Plus all 
combinations of passwords up to 8 chars I believe. We
do this so we can then alert the admin that someone has a weak password on 
their network. However, we could just as easily be a
Black Hat and now we've penetrated your network.

Perhaps this OP is doing something similar. Perhaps it's a tool like l0phtcrack 
(http://en.wikipedia.org/wiki/L0phtCrack). Perhaps
someone has lost their password to something very important and they only have 
the hash left, and need to reverse engineer it to get
into whatever it was (financial statements, banking, company something or 

My point is, you don't know what his intent is, nor do I. This is a PHP help 
list. He could have easily just said the was generating
every letter/char combo for 500000000 for DNA gene sequencing or some other 
task. Would that have made you more inclined to help
him?  If you have a bias or ethical/moral issues, then perhaps just staying 
mute would have been a more diplomatic way to help your

If I’m wrong, and his intention is to be a script kiddie hacker, then great, 
more power to him. You better make sure your servers
and users are using secure passwords, and have your ports locked down, and your 
code is safe from SQL injections and JS attacks.
Personally, I think people should have to be licensed to setup a 
webserver/network, and create web pages -- the person that cuts my
hair has to be; and I've lot more to loose from a poorly designed network/www 
site than I do a bad haircut. At least a haircut grows
back. Good luck trying to get your personal information back once it's exposed. 
If people had to be licensed, there'd be a grip less
spam and "hobbyists" bogging down *MY* internet, er, I mean, tubes. 

But I digress... :)

To the original poster Lasitha, are you running this in a web page or via 
command line script? If web page, you have a 30 second
timeout, so your effort is futile unless you can spawn it as a "job" in the 
background, which then becomes a CLI script. I've never
generated something in a loop so large, but I would suggest looking at your 
php.ini configs and see if there are max memory limits,
timeout limits, or script execution time limits set.

You can do something like this from a CLI to get you started: 
"php -i | grep max" or look here: 

P.S. Lasitha, are you doing this with malicious intent or not? I don't care 
either way, but I'd be curious which one of us needs to
eat crow now after my long diatribe rant. Stut or I? ;-p

"Some people, when confronted with a problem, think 'I know, I'll use XML.'"
Now they have two problems. 

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to