Brute force MD5 password checker

I'm trying to create a C# brute force MD5 password checker. If I run it with "test1" without MD5, it completes in 15 seconds. I would like to make it faster, but I'm a c# beginner, and don't know how to optimize code anymore.

Basically, instead of nested for loops, if using flags (of type boolean), so if you have 4 char long pass it goes like this:

_ _ _ _ -> try every letter and number at last place, then set last flag on true. If last flag == true then increment counter for third place.

```
private string bruteForce(int lenght)
{
MD5 md55 = System.Security.Cryptography.MD5.Create();
char[] words =
{
'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'r', 'q', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','R','Q','S','T','U','V','W','X','Y','Z',
'0','1','2','3','4','5','6','7','8','9'

};

bool[] konec = new bool[lenght];

int flag = lenght;
char[] pass = new char[flag];
int[] signal = new int[lenght];
for (int j = 0; j < lenght; j++)
{
signal[j] = -1;
konec[j] = false;
}
flag--;
string tmp = "";
bool over=false;

while (!over)
{

for (int k = 0; k < lenght; k++)
{
if (konec[k])
{
if (k == 0) return "not found";
int t = ++signal[k - 1];
if (t == words.Length - 1) {konec[k - 1] = true;
signal[k - 1] = 0;

break;
}
pass[k - 1] = words[t];
konec[k] = false;

}
}
for (int i = 0; i < words.Length; i++)
{

if (!konec[flag])
{
pass[flag] = words[i];

MD5 md55 = System.Security.Cryptography.MD5.Create();

Do yourself a favor, an stick using System.Security.Cryptography; at the top of the code file - then you can shorten this line to MD5 md55 = MD5.Create(); - but md55 is a bad name that doesn't mean anything. Perhaps engine, or hashProvider... anything but md55!

char[] words

That is a confusing name - characters aren't words, a better name for this array could be tokens, perhaps.

if (k == 0) return "not found";

What if the password happened to be "not found"? I think this is a situation where you would want to throw an exception of some sort, instead of tweaking the meaning of the return value.

Thread t = new Thread(() => ...

Starting your own thread is rarely a good idea. Look into the Task Parallel Library (TPL) in the System.Threading.Tasks namespace, and let the framework handle all the threading dirtiness for you. Also, starting a new thread incurs some overhead - if I'm not sticking a foot in my mouth here, using the TPL the framework determines if it's a good idea to start a new thread or to let code run sequentially... which may buy you some extra performance right here.

I would extract a method here, the anonymous method isn't buying you anything and contributes to make your click handler look like it's some "God button" that knows everything and does everything.

Thread.CurrentThread.Abort();

That's part of the threading nastiness you get to avoid with tasks. Aborting a thread is rarely a sane thing to do. I don't know much about multithreading, but this definitely rings a "no-no" bell.

else
        {
        }

Dead code. Don't think, remove.

tajm.Text = (time.Elapsed.TotalSeconds).ToString();

You really need to work on naming. It's not going to make your code run any faster, but tajm doesn't mean anything to anyone maintaining your code. Be descriptive!

StackExchange Code Review Q#77755, answer score: 13