> -Original Message-
> From: Stut [mailto:[EMAIL PROTECTED]
> Sent: Sunday, May 20, 2007 8:45 AM
> To: Lasitha Alawatta
>
> Lasitha Alawatta wrote:
> > Im going to create all key combinations; simple-letter
> passwords and
> > store those in to MySql DB.
> >
> > Using = a-z (simple letters)
> >
> > Password length = 6
> >
> > Number of possibilities = 26 x 26 x 26 x 26 x 26 x 26 = 308,915,776
> >
> > This is my code:
> >
> > > for($i=0;$i< 5;$i++){
> > $arrPwd[] = createPwd();
> > }
> >
> > $arrUniqueData = array_unique($arrPwd);
> >
> > foreach($arrUniqueData as $key=>$val){
> > // Inserting to DB
> > }
> >
> > function createPwd() {
> > $lower = "abcdefghijklmnopqrstuvwxyz";
> > $seed_length += 26;
> > $seed .= $lower;
> >
> > for($x=1;$x<=6;$x++){
> > $ strPwd.= $seed{rand(0,$seed_length-1)};
> > }
> > return($strPwd);
> > }
> > ?>
> >
> > What is the easiest way to get my output?
> >
> >1. Because above code will stuck the PC (for($i=0;$i<
> 5;$i++){).
> >2. I use 5 instead of 308915776, because
> createPwd() function
> > will duplicating the password.
> >
> > Suggesting, comments, code samples are highly appreciate.
>
> The only reason I can see to do such a thing is to build a
> brute-force
> password cracker, and seeing as you're not smart enough to
> realise that
> you can do so incrementally instead of randomly, I don't see
> much reason
> to help you.
>
> -Stut
You make quite an assumption there Stut. I don't know the OP and can't say if
his intentions are pure or malicious.
However, I work for a network security company
(http://www.LockdownNetworks.com), and as part of our product, we have a
brute-force
password cracker. It hammers away on ssh, telnet, windows shares, etc. and
tries to get in, using all combinations of usernames
(some entered by the administrator), and others from a common pool. Plus all
combinations of passwords up to 8 chars I believe. We
do this so we can then alert the admin that someone has a weak password on
their network. However, we could just as easily be a
Black Hat and now we've penetrated your network.
Perhaps this OP is doing something similar. Perhaps it's a tool like l0phtcrack
(http://en.wikipedia.org/wiki/L0phtCrack). Perhaps
someone has lost their password to something very important and they only have
the hash left, and need to reverse engineer it to get
into whatever it was (financial statements, banking, company something or
other).
My point is, you don't know what his intent is, nor do I. This is a PHP help
list. He could have easily just said the was generating
every letter/char combo for 5 for DNA gene sequencing or some other
task. Would that have made you more inclined to help
him? If you have a bias or ethical/moral issues, then perhaps just staying
mute would have been a more diplomatic way to help your
cause.
If Im wrong, and his intention is to be a script kiddie hacker, then great,
more power to him. You better make sure your servers
and users are using secure passwords, and have your ports locked down, and your
code is safe from SQL injections and JS attacks.
Personally, I think people should have to be licensed to setup a
webserver/network, and create web pages -- the person that cuts my
hair has to be; and I've lot more to loose from a poorly designed network/www
site than I do a bad haircut. At least a haircut grows
back. Good luck trying to get your personal information back once it's exposed.
If people had to be licensed, there'd be a grip less
spam and "hobbyists" bogging down *MY* internet, er, I mean, tubes.
But I digress... :)
To the original poster Lasitha, are you running this in a web page or via
command line script? If web page, you have a 30 second
timeout, so your effort is futile unless you can spawn it as a "job" in the
background, which then becomes a CLI script. I've never
generated something in a loop so large, but I would suggest looking at your
php.ini configs and see if there are max memory limits,
timeout limits, or script execution time limits set.
You can do something like this from a CLI to get you started:
"php -i | grep max" or look here:
http://www.php.net/phpinfo
http://www.php.net/manual/en/function.ini-get.php
P.S. Lasitha, are you doing this with malicious intent or not? I don't care
either way, but I'd be curious which one of us needs to
eat crow now after my long diatribe rant. Stut or I? ;-p
ÐÆ5ÏÐ
"Some people, when confronted with a problem, think 'I know, I'll use XML.'"
Now they have two problems.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
