Combination Generator: Generate your own password list for brute-force attack

Background

Have you ever found an old folder filled with memories or important files, only to realize you cannot open it because it is password protected and you forgot its password? You attempt to remember the password and try different combinations, but none of them work.

You now have two options: either you somehow remember the password, or you try to brute-force your way into the folder.

If you managed to remember the password, please read no further.

As you will soon find out, trying each possible password combination you may remember takes too long, and brute-forcing every single combination with alphanumeric characters may not be practical after a certain number of characters.

This is where the “Combination Generator” comes into play.

If you have an idea of which possible words and variations your passwords may have had, you can plug them into the “Combination Generator” and the tool will generate for you every possible combination based on the characters entered.

The output is a word dictionary containing only the generated combinations, which greatly reduces the time needed compared with brute-forcing a password where no previous input was provided.

 

Demo

 

Instructions

 

Output

Output File

 

Challenges
  • When all the positions and variations in the user interface are used, processing every possible combination runs into a problem similar to brute-forcing every combination of alphanumeric characters. It does consume a lot less time because the number of characters is limited, but when the application is hosted on the web, the minutes it may take to process can give the impression that it is stuck. Shortening the positions or variations by just a few characters reduces the time drastically. At the moment I was considering timing out the application to force the user to cut the input down into more manageable chunks, even though the application has no problem processing the whole set. This is not a technical limitation but a user experience problem.
  • Recently the application was hosted on Heroku until the free tier option was eliminated. Since I do not expect this program to be used and accessed constantly, I decided not to continue paying for a 24/7 hosting service to run the application. Instead, I was considering moving to a serverless architecture to run the application on demand. Code changes would be required to achieve this, which I am only willing to make if a number of users are interested in using this application.
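
A sketch of the per-position combination approach described in the Background, with the output size computed up front so an oversized request is rejected immediately rather than appearing to hang. This is an added example, not the Combination Generator's own code; the function names, the `MAX_CANDIDATES` cap and the sample fragments are assumptions.

```python
import itertools
import math
import sys

MAX_CANDIDATES = 100_000  # assumed cap, not a value taken from the original tool

# Constructed sample input: one list of remembered variations per position.
# An empty string makes that position optional.
SAMPLE = [["summer", "Summer"], ["2019", "19", ""], ["!", ""]]


def count_candidates(positions):
    """Upper bound on output size: product of the variation counts per position."""
    return math.prod(len(set(p)) for p in positions)


def generate(positions, limit=MAX_CANDIDATES):
    """Return an iterator over every combination, one variation per position.

    Input is validated and sized before any work is done, so an oversized
    request fails at once instead of running for minutes.
    """
    cleaned = [list(dict.fromkeys(p)) for p in positions]  # dedupe, keep order
    if not cleaned or any(not p for p in cleaned):
        raise ValueError("every position needs at least one variation")
    total = count_candidates(cleaned)
    if total > limit:
        raise ValueError(f"{total} combinations exceeds the limit of {limit}")

    def _iter():
        seen = set()  # optional positions can produce the same string twice
        for parts in itertools.product(*cleaned):
            word = "".join(parts)
            if word not in seen:
                seen.add(word)
                yield word

    return _iter()


def write_wordlist(positions, out, limit=MAX_CANDIDATES):
    """Stream candidates to a text stream, one per line; return the number written."""
    written = 0
    for word in generate(positions, limit):
        out.write(word + "\n")
        written += 1
    return written


if __name__ == "__main__":
    print(count_candidates(SAMPLE), "combinations at most", file=sys.stderr)
    write_wordlist(SAMPLE, sys.stdout)
```

Because the count is the product of the variation counts, removing one variation from a single position shrinks the output by a whole factor, which is why trimming the input by a few entries cuts the processing time so sharply.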

 

Technologies used
  • Python
  • Flask
  • HTML5
  • CSS