Firewall Wizards mailing list archives
Re: "Proactive" Password Checking
From: Andreas Gunnarsson <zzlevo () dd chalmers se>
Date: Mon, 15 Nov 1999 13:55:18 +0100 (MET)
On Thu, 11 Nov 1999, Rick Smith wrote:
Has anyone heard of attempts to turn this around, and use the Markov model to generate candidate passwords for a dictionary attack? I suppose I'm looking for an algorithm that might generate passwords containing shorter words concatenated together before it generates longer but less common words.
I don't know the Markov model, but I have made a program that when fed a dictionary generates other strings that resemble those words. It works with trigrams; it keeps track of how many times a given trigram occurs in the dictionary, and then it generates words consisting of the most common trigrams. It deals with the first trigram, last trigram and any trigram in the middle of the word separately. The number of words generated can be controlled by setting the threshold for "common" trigrams. When feed your article through the program, the following words were generated: fords genet modea model peral peram seven sever stack words Only "model" and "words" actually occurs in the article. I've used this to generate word lists for "crack" when checking how secure passwords are at the system I'm administrating, but only few hits have been found that aren't in a word list. Andreas ------------------------------------------------------------------------------ zzlevo () dd chalmers se * Andreas Gunnarsson * http://www.dd.chalmers.se/~zzlevo
Current thread:
- RE: "Proactive" Password Checking, (continued)
- RE: "Proactive" Password Checking Andreas Gunnarsson (Nov 14)
- Re: "Proactive" Password Checking Dorian Moore (Nov 14)
- Re: "Proactive" Password Checking Zzzil (Nov 14)
- RE: "Proactive" Password Checking bhe (Nov 14)
- RE: "Proactive" Password Checking Moore, James (Nov 14)
- Re: "Proactive" Password Checking Joseph S D Yao (Nov 17)
- RE: "Proactive" Password Checking Bill_Royds (Nov 14)
- RE: "Proactive" Password Checking Eric Toll (Nov 15)
- Re: "Proactive" Password Checking Joseph S D Yao (Nov 17)
- RE: "Proactive" Password Checking Moore, James (Nov 15)
- Re: "Proactive" Password Checking Andreas Gunnarsson (Nov 15)
- RE: "Proactive" Password Checking sean . kelly (Nov 15)
- Re: "Proactive" Password Checking Eric Toll (Nov 15)
- RE: "Proactive" Password Checking Moore, James (Nov 17)
- RE: "Proactive" Password Checking Russ (Nov 17)
- Re: "Proactive" Password Checking Aleph One (Nov 18)
- RE: "Proactive" Password Checking Vin McLellan (Nov 17)
- RE: "Proactive" Password Checking Moore, James (Nov 17)
- RE: "Proactive" Password Checking Matt Carothers (Nov 21)
- Re: "Proactive" Password Checking Barney Wolff (Nov 17)
- Re: "Proactive" Password Checking Eric Budke (Nov 18)