/pdic

A tool to help checking password strength against dictionary attacks

Primary LanguageJavaMIT LicenseMIT

pdic

A tool to help checking password strength against dictionary attacks.

This tool allows you to compress an UTF-8 text list into a minimal automaton and quickly lookup values into this automaton.

The build_passwd_list.sh script will build the tool and create a compressed list from various dictionaries as well as large password lists downloaded from:

https://github.com/danielmiessler/SecLists

Here is what you get:

$ ls -l list.txt list.bin
-rw-r--r--  1 foo  staff  224711666 Oct  1 22:44 list.txt
-rw-r--r--  1 foo  staff   63178518 Oct  1 22:57 list.bin
$ wc -l list.txt
 19106660 list.txt

The resulting binary can be looked up very efficiently:

$ time pdic contains list.bin azertyuiop
'azertyuiop' found'

real	0m0.111s
user	0m0.079s
sys	0m0.032s

By comparison, here is the time it takes to look for the same password in the uncompressed list with grep:

$ time grep '^azertyuiop$' list.txt 
azertyuiop
azertyuiop

real	0m4.795s
user	0m4.769s
sys	0m0.025s

You can also decompress the binary list into a duplicate-free sorted text list:

$ time pdic decompress list.bin sorted.txt

real	0m1.946s
user	0m2.055s
sys	0m0.247s
$ wc -l sorted.txt 
 13918735 sorted.txt