RE: Creating all key combinations passwords

> -----Original Message-----
> From: Stut [mailto:stuttle@xxxxxxxxx] 
> Sent: Sunday, May 20, 2007 8:45 AM
> To: Lasitha Alawatta
> 
> Lasitha Alawatta wrote:
> > I'm going to create all key combinations; simple-letter passwords and
> > store those in to MySql DB.
> > 
> > Using = a-z (simple letters)
> > 
> > Password length = 6
> > 
> > Number of possibilities = 26 x 26 x 26 x 26 x 26 x 26 = 308,915,776
> > 
> > This is my code:
> > 
> > <?php
> >       for($i=0;$i< 500000000;$i++){
> >             $arrPwd[] = createPwd();
> >       }
> > 
> >       $arrUniqueData = array_unique($arrPwd);
> > 
> >       foreach($arrUniqueData as $key=>$val){
> >             // Inserting to DB
> > }
> > 
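> >       function createPwd() {
> >             // Alphabet to draw from: lowercase letters only
> >             $lower = "abcdefghijklmnopqrstuvwxyz";
> >             $seed_length = 26;
> >             $seed = $lower;
> >             $strPwd = "";
> >
> >             // Pick 6 random letters; separate calls can return duplicates
> >             for($x=1;$x<=6;$x++){
> >                   $strPwd .= $seed[rand(0,$seed_length-1)];
> >             }
> >             return($strPwd);
> >       }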
> > ?>
> > 
> > What is the easiest way to get my output?
> > 
> >    1. Because above code will stuck the PC (for($i=0;$i< 500000000;$i++){).
> >    2. I use 500000000 instead of 308915776, because createPwd() function
> >       will duplicating the password.
> > 
> > Suggestions, comments, code samples are highly appreciated.
> 
> The only reason I can see to do such a thing is to build a brute-force
> password cracker, and seeing as you're not smart enough to realise that
> you can do so incrementally instead of randomly, I don't see much reason
> to help you.
> 
> -Stut

You make quite an assumption there Stut. I don't know the OP and can't say if his intentions are pure or malicious. 

However, I work for a network security company (http://www.LockdownNetworks.com), and as part of our product, we have a brute-force
password cracker. It hammers away on ssh, telnet, Windows shares, etc. and tries to get in, using all combinations of usernames
(some entered by the administrator), and others from a common pool. Plus all combinations of passwords up to 8 chars I believe. We
do this so we can then alert the admin that someone has a weak password on their network. However, we could just as easily be a
Black Hat and now we've penetrated your network.

Perhaps this OP is doing something similar. Perhaps it's a tool like l0phtcrack (http://en.wikipedia.org/wiki/L0phtCrack). Perhaps
someone has lost their password to something very important and they only have the hash left, and need to reverse engineer it to get
into whatever it was (financial statements, banking, company something or other).

My point is, you don't know what his intent is, nor do I. This is a PHP help list. He could have easily just said he was generating
every letter/char combo for 500000000 for DNA gene sequencing or some other task. Would that have made you more inclined to help
him?  If you have a bias or ethical/moral issues, then perhaps just staying mute would have been a more diplomatic way to help your
cause.

If I'm wrong, and his intention is to be a script kiddie hacker, then great, more power to him. You better make sure your servers
and users are using secure passwords, and have your ports locked down, and your code is safe from SQL injections and JS attacks.
Personally, I think people should have to be licensed to set up a webserver/network, and create web pages -- the person that cuts my
hair has to be; and I've a lot more to lose from a poorly designed network/www site than I do a bad haircut. At least a haircut grows
back. Good luck trying to get your personal information back once it's exposed. If people had to be licensed, there'd be a grip less
spam and "hobbyists" bogging down *MY* internet, er, I mean, tubes.

But I digress... :)

To the original poster Lasitha, are you running this in a web page or via command line script? If web page, you have a 30 second
timeout, so your effort is futile unless you can spawn it as a "job" in the background, which then becomes a CLI script. I've never
generated something in a loop so large, but I would suggest looking at your php.ini configs and see if there are max memory limits,
timeout limits, or script execution time limits set.

You can do something like this from a CLI to get you started: 
"php -i | grep max" or look here: 
http://www.php.net/phpinfo
http://www.php.net/manual/en/function.ini-get.php

P.S. Lasitha, are you doing this with malicious intent or not? I don't care either way, but I'd be curious which one of us needs to
eat crow now after my long diatribe rant. Stut or I? ;-p


ÐÆ5ÏÐ 
"Some people, when confronted with a problem, think 'I know, I'll use XML.'"
Now they have two problems. 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php