• Suppose passwords are 8 characters, where a character can be an upper-case letter, lower-case letter, digit or special (printable) character. If there are 32 special characters, then $94^8 > 2^{52}$ different passwords are possible.

• Suppose passwords are hashed. Also, suppose there is a dictionary of $2^{20}$ passwords and we estimate that a randomly selected password will be in the dictionary with probability 1/2.

• If we want to crack a single password then

1. Without using the dictionary, the expected work is about $2^{51}$.

2. With the dictionary, the expected work is about

$\frac{1}{2} \cdot 2^{51} + \frac{1}{2} \cdot 2^{19} \approx 2^{50}$

• If we have a file of 128 password hashes and we would like to crack any one of these, then

1. Without using the dictionary, the expected work is about $2^{44}$, assuming that no salt is used. If the password hashes are salted, then the work is about $2^{51}$.

2. With the dictionary, the probability that at least one of the 128 passwords is in the dictionary is

$1 - (1/2)^{128} \approx 1$

So we can neglect the case where none of the passwords are in the dictionary. Using the dictionary on this password file, the expected work factor is

$\frac{1}{2} \cdot 2^{19} + \frac{1}{2^2}(2^{20} + 2^{19}) + \frac{1}{2^3}(2 \cdot 2^{20} + 2^{19}) + \cdots + \frac{1}{2^{128}}(127 \cdot 2^{20} + 2^{19}) = 6 \cdot 2^{18} < 2^{21}$

assuming that the hashes are salted. If the hashes are not salted, we could precompute the hashes of the entire dictionary ($2^{20}$ hashes) and amortize this work factor over the number of times that the attack is used.
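
The work factors above, carried through with exact arithmetic (an added example, not part of the original text; the function and constant names are chosen here). It generalizes the series for the salted file to any file size n, dictionary size d and hit probability p, and shows how much salt costs an attacker who has no dictionary hit to rely on.

```python
from fractions import Fraction
import math

# Figures from the page: 94**8 > 2**52 passwords, a 2**20-word dictionary,
# and probability 1/2 that a given password is in that dictionary.
KEYSPACE = 2**52
DICT_SIZE = 2**20
P_DICT = Fraction(1, 2)

def single_password_work(keyspace=KEYSPACE, d=DICT_SIZE, p=P_DICT):
    """One hash: half the dictionary on a hit, half the keyspace on a miss."""
    return p * Fraction(d, 2) + (1 - p) * Fraction(keyspace, 2)

def file_work_no_dictionary(n, salted, keyspace=KEYSPACE):
    """Any one of n hashes by brute force. Without salt each guess is hashed
    once and compared with all n entries; with salt it tests only one entry."""
    return Fraction(keyspace, 2) if salted else Fraction(keyspace, 2 * n)

def p_any_in_dictionary(n, p=P_DICT):
    """Probability that at least one of n passwords is in the dictionary."""
    return 1 - (1 - p) ** n

def file_work_with_dictionary(n, d=DICT_SIZE, p=P_DICT):
    """Salted file, dictionary tried against each hash in turn. Term k: the
    first k-1 passwords miss (k-1 full passes), the k-th hits after half a
    pass. As on the page, the no-hit case is neglected."""
    return sum((1 - p) ** (k - 1) * p * ((k - 1) * d + Fraction(d, 2))
               for k in range(1, n + 1))

if __name__ == "__main__":
    rows = [
        ("single hash, no dictionary", Fraction(KEYSPACE, 2)),
        ("single hash, with dictionary", single_password_work()),
        ("128 hashes, no dictionary, unsalted", file_work_no_dictionary(128, False)),
        ("128 hashes, no dictionary, salted", file_work_no_dictionary(128, True)),
        ("128 hashes, with dictionary, salted", file_work_with_dictionary(128)),
    ]
    for label, work in rows:
        print(f"{label:38s} about 2^{math.log2(work):.2f} hashes")
```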