From charlesreid1

Suppose we have a router with a password pattern such as:

(word)(number)(word)(number)(word)

where (word) is a word of up to five characters and (number) is a number consisting of four or more digits.

About how long would it take to crack the password?

Assume we can test passwords at a rate of 1400 - 1600 keys/s using aircrack + john, and that we can write a rule to assemble these passwords (which is easy to do). Then all we need is a wordlist of common words.

Enter SecLists (github: https://github.com/danielmiessler/SecLists)

Example file: english.txt

Filter words by length (this is being generous about what a "word" is; with a dictionary of more common words this would be smaller):

$ cat english.txt | awk '{ if(length($1)<=5) print $1 }' | wc -l
    23704

If you need a smaller set, there is a list of the top 10,000 English words according to Google's n-gram corpus (https://github.com/first20hours/google-10000-english/blob/master/google-10000-english-no-swears.txt). However, this does not contain many of the words in our known word list.

We'll round up to 24,000 words for each (word), and 10,000 numbers for each (number). That gives a total of:

Nowhere in the ballpark of feasibility. At a rate of 1400 keys per second, or , that leaves us with a mere seconds of waiting time. That's about 3 centuries.

The digits in this problem make a big difference, but so would a good dictionary of "known words". The weakness of a router password system like this comes down to the word list used, and how uncommon the words are.

If we whittle it down to three numerical digits, so that (number) is less than 1,000, and if we restrict ourselves to four-letter words, we get:

$ cat english.txt | awk '{ if(length($1)<5) print $1 }' | wc -l
    8679

or about 9,000 words. That's three word slots with about 9,000 choices each and two number slots with 1,000 choices each:

Wow, not much better. It really does hinge on the word list.

(Also, on the word-number-word-number-word pattern, instead of something weaker like word-number or word-number-word).
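
The estimate worked through above, as an added example that is not part of the original page: it counts wordlist entries by length the way the awk filter does (skipping blank lines), then computes the candidate count, bits, and exhaustion time for the full pattern and for the weaker word-number and word-number-word patterns mentioned in the closing note. The function names, the 'W'/'N' pattern notation and the inline sample wordlist are assumptions made for this example.

```python
import math

# Constructed sample standing in for a wordlist file such as english.txt.
SAMPLE_WORDLIST = "apple\nbread\ncastle\ndoor\nelephant\nfig\ngarden\nhouse\n"

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def count_words(lines, max_len):
    """Count non-blank entries whose first field has at most max_len characters."""
    return sum(1 for line in lines if line.split() and len(line.split()[0]) <= max_len)


def keyspace(pattern, n_words, n_numbers):
    """Number of candidates for a pattern of 'W' (word) and 'N' (number) slots."""
    sizes = {"W": n_words, "N": n_numbers}
    total = 1
    for slot in pattern:
        if slot not in sizes:
            raise ValueError(f"unknown slot {slot!r} in pattern {pattern!r}")
        total *= sizes[slot]
    return total


def exhaust_years(total, keys_per_sec):
    """Years needed to try every candidate at a fixed test rate."""
    return total / keys_per_sec / SECONDS_PER_YEAR


def report(n_words, n_numbers, rates=(1400, 1600)):
    """One row per pattern: (pattern, candidates, bits, years at slow rate, years at fast rate)."""
    rows = []
    for pattern in ("WN", "WNW", "WNWNW"):
        total = keyspace(pattern, n_words, n_numbers)
        slow, fast = (exhaust_years(total, r) for r in rates)
        rows.append((pattern, total, round(math.log2(total), 1), slow, fast))
    return rows


if __name__ == "__main__":
    print("sample words of <= 5 chars:", count_words(SAMPLE_WORDLIST.splitlines(), 5))
    for n_words, n_numbers in ((24000, 10000), (9000, 1000)):
        for pattern, total, bits, slow, fast in report(n_words, n_numbers):
            print(f"{pattern:5} words={n_words:5} numbers={n_numbers:5} "
                  f"candidates={total:.3e} bits={bits:5} years={fast:.3g} to {slow:.3g}")
```

To use real counts, pass the lines of an actual wordlist file to `count_words` and feed the result to `report` as `n_words`.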