<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#3333ff">
<br>
<br>
Kent Johnson wrote:
<blockquote
cite="mid:1c2a2c590901080928p4bf1907fy602b5d57c7fd4617@mail.gmail.com"
type="cite">
<pre wrap="">On Thu, Jan 8, 2009 at 10:49 AM, Robert Berman <a class="moz-txt-link-rfc2396E" href="mailto:bermanrl@cfl.rr.com"><bermanrl@cfl.rr.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi,
One of the challenges on the challenge you web page appropriately titled
'Brute force' reads as follows:
"The password you have to guess is 'loner' . Try all combinations of
lowercase letters until you guess it. Try not to loop much for example,
save all used combinations in an array so you don't repeat."
</pre>
</blockquote>
<pre wrap=""><!---->
This is a strange requirement. If you want to try all combinations of
lowercase letters, the simplest way to do that is with nested loops.
The loops will generate all combinations without repeating, so there
is no need to save the used combinations.
</pre>
</blockquote>
This is also the brute force attack that Michael suggested; and
just for the experience I think I should do another iteration of the
program to do that as well as using Michaels excellent suggestions for
proper coding technique. As an aside, I had thought of that approach
but decided against it because of.........see next comment.<br>
<blockquote
cite="mid:1c2a2c590901080928p4bf1907fy602b5d57c7fd4617@mail.gmail.com"
type="cite">
<pre wrap=""></pre>
<blockquote type="cite">
<pre wrap="">Since the challenge revolves around the use of randomized retrieval, I'm not
too sure how to optimize the process. The authors concept of using arrays
seem a bit superfluous as I think it takes longer to add an item to a
dictionary and retrieve an item from a dictionary than it does to do an if
compare of two 5 character strings. So, I left that code out of the program
entirely. If that was wrong, or there is a better way to avoid duplication,
please point me in the right direction.
</pre>
</blockquote>
</blockquote>
There was a small example program of inefficient C code
(inefficient because it did not test for previous strings already
generated). Each 5 character string was generated by 5 calls to rand().
So I decided the author wanted randomized methods to come into play.<br>
<br>
<blockquote
cite="mid:1c2a2c590901080928p4bf1907fy602b5d57c7fd4617@mail.gmail.com"
type="cite">
<pre wrap=""><!---->
To avoid duplication you should use a set to hold the passwords
already tried. It is probably faster to just compare, but if you are
supposed to imagine a true brute-force password attack, the set test
would be faster than a failed login.
</pre>
<blockquote type="cite">
<pre wrap="">I think, perhaps, I could make it a tad more efficient if I changed
'alphabet' from a string to a list as I remember reading that lists are
significantly faster to manipulate than are strings. Is that true and is it
a viable change.
</pre>
</blockquote>
<pre wrap=""><!---->
I don't think it will make any difference. The place where lists are
preferred is when you are concatenating strings in a loop.
Kent
</pre>
</blockquote>
Kent, I certainly do appreciate your comments and your suggestions.<br>
<br>
Thank you,<br>
<br>
Robert<br>
</body>
</html>