- Suppose passwords are 8 characters, where a character can be an upper-case letter, lower-case letter, digit or special (printable) character. If there are 32 special characters, then $94^{8} > 2^{52}$ different passwords are possible.

- Suppose passwords are hashed. Also, suppose there is a dictionary of $2^{20}$ passwords and we estimate that a randomly selected password will be in the dictionary with probability 1/2.

- If we want to crack a single password then

  - Without using the dictionary, the expected work is about $2^{51}$

  - With the dictionary, the expected work is about

    $\frac{1}{2} \cdot 2^{51} + \frac{1}{2} \cdot 2^{19} \approx 2^{50}$

- If we have a file of 128 password hashes and we would like to
crack any one of these, then

  - Without using the dictionary, the expected work is about $2^{44}$ assuming that no salt is used. If the password hashes are salted, then the work is about $2^{51}$

  - With the dictionary, the probability that at least one of the 128 passwords is in the dictionary is

    $1 - (1/2)^{128} \approx 1$

    So we can neglect the case where none of the passwords are in the dictionary. Using the dictionary on this password file, the expected work factor is

    $\frac{1}{2} \cdot 2^{19} + \frac{1}{2^{2}}(2^{20} + 2^{19}) + \frac{1}{2^{3}}(2 \cdot 2^{20} + 2^{19}) + \cdots + \frac{1}{2^{128}}(127 \cdot 2^{20} + 2^{19}) = 6 \cdot 2^{18} < 2^{21}$

    assuming that the hashes are salted. If the hashes are not salted, we could precompute the hashes of the entire dictionary ($2^{20}$ hashes) and amortize this work factor over the number of times that the attack is used.
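
The work factors in this list can be checked with exact arithmetic. The Python below is an added example, not part of the original notes; it generalizes the series to any dictionary hit probability p and file size n, and optionally includes the "no password is in the dictionary" term that the text neglects. The function names and the use of 2^52 as the keyspace (the text's lower bound on 94^8) are assumptions of this example.

```python
from fractions import Fraction

KEYSPACE = 2**52           # assumption: the text's lower bound on 94**8
DICT_SIZE = 2**20          # dictionary size from the text
P_DICT = Fraction(1, 2)    # chance a given password is in the dictionary

def single_with_dict(keyspace=KEYSPACE, d=DICT_SIZE, p=P_DICT):
    """One hash: half the dictionary on a hit, half the keyspace otherwise."""
    return p * Fraction(d, 2) + (1 - p) * Fraction(keyspace, 2)

def any_of_n_brute(n, salted, keyspace=KEYSPACE):
    """No dictionary. Unsalted: each trial hash is compared with all n
    targets, so the work drops by a factor of n. Salted: no such sharing."""
    return Fraction(keyspace, 2) if salted else Fraction(keyspace, 2 * n)

def any_of_n_dict_salted(n, d=DICT_SIZE, p=P_DICT, keyspace=None):
    """Salted hashes, dictionary run against each hash in turn.
    Term k: the first k-1 passwords miss (d hashes each), the k-th hits (d/2).
    If keyspace is given, add the all-miss tail that the text neglects."""
    q = 1 - p
    total = sum(q ** (k - 1) * p * ((k - 1) * d + Fraction(d, 2))
                for k in range(1, n + 1))
    if keyspace is not None:
        total += q ** n * (n * d + Fraction(keyspace, 2))
    return total

if __name__ == "__main__":
    from math import log2
    rows = [
        ("single hash, dictionary", single_with_dict()),
        ("128 hashes, brute force, unsalted", any_of_n_brute(128, False)),
        ("128 hashes, brute force, salted", any_of_n_brute(128, True)),
        ("128 hashes, dictionary, salted", any_of_n_dict_salted(128)),
        # Smaller p (fewer dictionary passwords in use): the all-miss
        # tail is no longer negligible and dominates the total.
        ("same, p = 1/16, tail included",
         any_of_n_dict_salted(128, p=Fraction(1, 16), keyspace=KEYSPACE)),
    ]
    for label, work in rows:
        print("%-36s 2^%.2f" % (label, log2(work)))
```
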
