I was motivated to fix this up password combination generator after reading yet another poor fellow on Reddit’s /r/bitcoin who had lost his wallet password. Don’t know if this will help him, but hopefully he’ll get his Bitcoins back.
A while back I worked on a computing device artificial intelligence language corpus project for one of the top major mobile phone manufacturers. As part of the job I created a tool to help me create language variations using a Cartesian Product (CROSS JOIN). I’ve ripped the project apart, gutted it, and fashioned it into a password combination generator.
Here’s the basic usage and reason… Many people use password phrases instead of random passwords. They are easier to remember and can actually increase the level of entropy for a password, which makes it more secure. If you’re one of those people, then this utility is for you.
Now, imagine that your password follows this pattern:
- Favourite animal
- Favourite actor
- Favourite ice cream
All of those are strung together something like this:
If you’re like many people, your favourite things change from time to time. Several months later, you may be wondering if your favourite animal was an ant, alligator or crocodile, and whether you thought Brad Pitt was better than Clint Eastwood, etc. etc.
Oh, and how did you spell Brad Pitt inside the password?
- Brad Pitt
- brad pitt
And was it chocolate or vanilla was it…???
Before you know it, your password combinations are insanely large. From just the very few options above (excluding Clint Eastwood just to make this shorter), those turn out to be like this:
- antbrad pittchocolate
- antbrad pittvanilla
- antBrad Pittchocolate
- antBrad Pittvanilla
- alligatorbrad pittchocolate
- alligatorbrad pittvanilla
- alligatorBrad Pittchocolate
- alligatorBrad Pittvanilla
- crocodilebrad pittchocolate
- crocodilebrad pittvanilla
- crocodileBrad Pittchocolate
- crocodileBrad Pittvanilla
Each of those are different. All 24. From 6 words. And we’ve not even looked at spacing between words, or capitalisation for the animals and ice cream yet… But add in dog, cat, blueberry and cinnamon, and now we’re up to 80… Add in those variations for Clint Eastwood, and it’s 160… And did you add in your favourite number, your age, your birth year, or your birth day at the end? Now we’re up to 640, and we’ve not even done any permutations yet. Was the number first?
The Password Combination Generator creates password list for you to help you crack old passwords that you kind of but not quite remember.
There are 3 basic areas:
- Top symbol string
- Middle token inputs
- Bottom results
For the symbol string, you enter numbers in curly braces starting with 0. So, if your password has 4 elements in it, as described above with the addition of numbers at the end, then your symbol string will be:
For each of those symbols, you need 1 token input field as you can see in the screenshot above. If you mismatch the number of symbols and inputs, you’ll get an error.
So, simply click the “Add Token Input” button 3 times to add 3 more inputs for a total of 4.
In each of the token inputs, enter the possible values with 1 per line, e.g.:
Continue adding to each token input. The buttons beside let you copy or duplicate a line or remove an input, etc.
Once you’re done, click the lightning button to generate the password combinations.
You can also add string literals to the symbol string. These never change. So, if you know that you always use an exclamation mark at the start of your password, you can write the above symbol string like this:
If you started your password with “my!”, it would be this:
And so on. There’s really nothing you can’t do with that syntax for a password.
At the bottom, the “Current Results (#)” panel will have all your generated password combinations along with a number indicating how many there are. If you generate more than 1 set, you can use the green arrow button to add the Current Results to the “All Results” panel, then create a new set, which you can also add.
The program and source code are available. They require .NET 4.0.
The code isn’t commented very well, but there are some links in there to where I got the Cartesian Product code and maybe some other stuff. I just ripped apart the AI language corpus software and hacked it into a password combination generator.
Now, there is no actual password cracking utility in there, but the program will help you create dictionary lists to use in a brute force attack with another utility. If I have time, I may try to write a crypto currency wallet password cracking utility for people that have lost their passwords.
Hopefully this helps someone get back a lost password. If you’ve lost a Bitcoin wallet password, it’s really, really important to get that back.