How to make my Python password cracker operate more efficiently?

A little while ago I got interested in making a pseudo-password cracker. So, here’s some code:

list = [ '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', 'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z'] # giving it a list 

passlength = int(input('Length of string: ')) # length of code or no of objects
aspass = '' # empty string acts as assumed password
passs = input('Please input password ') # he infamous password
b = [] # the list that will stores randomly generated passwords as values
attempt = 0
digits = 0   
o = True
while o:
    for k in range(0, passlength): # run this loop as many times as the length of password
        x = str(random.choice(list))#the attempted upon digit in the password
        aspass += x
        digits += 1 # counts the step the cracker is on
        #print(aspass)
        if(len(aspass) > passlength or aspass in b):
            digits = 0
            attempt += 1
            break
        else:
            continue
        #b.append(aspass)
    if(aspass == passs):
        break
        o = False
        end()
    else:
        b.append(aspass)
        aspass = ''
        continue

The thing here is, everything works and it generates 2 string password petty well. However, if length exceeds 2 or 3 strings. Well, it kind of moves at snail pace. Then I got an idea, if I could save the randomly generated password in the “b” list that I made and make sure that the passwords in that list are not repeated in the process then i think it will run significantly faster.

As I am a total beginner I am out of ideas how to make it faster any other way. What things can I try (e.g. importable modules) to improve this?

Answer

Password cracking is not an easy job. Think about the search space you have to go through as the length of the password grows. Your list of the possible characters contains 26 letters and 10 digits (by the way you can use string.digits and string.ascii_lowercase). So, for the first character in your password there are 36 options. The second has 36 options, the 3rd has 36 options and so on. Therefor, for a password of length n you will have 3^n options. As you can quickly see, this number is growing extremely rapidly even for small numbers.

Your method of cracking the password is called Brute-force attack and it’s extremely inefficient, especially considering the fact that most password are not stored as plain text but as hashed string.

Few other notes:

1. You variables names are not great. Most of them are meaningless and it makes your code much harder to understand.
2. You select random string instead of going through all the possible options in order. You have no way to cover all the options using this method. You can use itertools.permutations for iterating over all the options.
3. Don’t use parenthesis in if statements, it’s not the Python way. Please.