One word of caution, if you decide to actually generate a dictionary, you will need loads of disk space. Let's do some math!

In order to calculate the number of permutations you need the follow information:

  1. How large is your base set (alphabet in our case) for this example that I've laid out that number would be 36, 26 letters and 10 numbers
  2. How long is the string you are constructing?

Knowing this information, we can plug this into the formula nr where n = base set size and r = length of string to construct. You can see how this can get out of control quite quickly :)

Here is a list containing the number of permutations for a given string length from 1 to 10

  1. 36
  2. 1296
  3. 46656
  4. 1679616
  5. 60466176
  6. 2176782336
  7. 78364164096
  8. 2821109907456
  9. 101559956668416
  10. 3.65615844006298e+15 (big damn number)

Let's take this a step further. If we are going to store the permutations we need to know how much disk space we're going to need. In order to get a rough estimate let's assume we are going to store this as non-unicode data so 1 byte per character. That would give a result of 548,549,148,672 bytes (548 GB) to store all of the permutations of a 7 character string! How much for 10 you say?

3.65615844006298e+15 * 10 = 3.65615844006298e+16 bytes so that gives us 36.5 Petabytes :)

This brings us to the question, how long of a password is good enough to escape most brute force attacks? It depends on who your attacker is, but if you look at the data it would take quite awhile to produce let alone process a list of passwords longer than 6 characters. Keep in mind however that most dictionaries are just that, dictionaries containing all words in a given language so don't choose something that's in one! ever! and you might just be ok, then again...maybe not :)