undefined | Better HN

0 pointsTheOtherHobbes10y ago0 comments

Even simpler, it:

1. Finds the substrings that are popular in passwords. 2. Combines them to make likely passwords that haven't been tried yet. 3. Rinse and repeat

Useful against noob passwords - of which are there many in the wild - and more effective for some applications than the usual dictionary search.

But ineffective against randomised strings like KPF27k5ANv791P2Yi88xd88D7iALX3kH, or against XKCD random word salad passwords like QuantumGerundApoptosis as long as they include at least one unusual word.

0 comments

3 comments · 1 top-level

lyle_nel10y ago· 2 in thread

Yes it is completely useless against random strings as one would expect, but with word salad it not completely useless. For example, it can find words like "tequieromuchogerald" and "paulaalejandrailove" easily enough. I haven't fully explored its ability to do this, but I suspect starting with a dictionary of words instead of a random population might aid it in finding XKCD like random passwords. In general I don't disagree though, passphrases if chosen correctly can be completely intractable to a password cracker.

saganus10y ago

It might be interesting to use the word frequency of the target language as some sort of weight for each word, or maybe as a multiplier for the number of times that word will get pushed to the back of the queue, i.e. the words with the most frequency get to be repeated more than 1 time when pushed to the back, or something like that.

lyle_nel10y ago

I see what you are saying. To some extent this is already true ,since high frequency ngrams(substrings) already dominate the gene-pool if they happen to facilitate the production of a large amount viable offspring. That is why you would see swearwords with high frequency since that is what many people use for passwords(in the case of the myspace list).

j / k navigate · click thread line to collapse