Firewall Wizards mailing list archives

Re: "Proactive" Password Checking


From: Rick Smith <rick_smith () securecomputing com>
Date: Thu, 11 Nov 1999 16:25:13 -0600

This thread got me thinking about something I haven't seen discussed in
quite a while (probably because I haven't looked in the right places, but
never mind).

Several years ago I read a paper that described a password checking
procedure based on a Markov model of common English words and phrases.
Perhaps it was simply digram statistics; I forget the details. But the
basic idea was to use the Markov model to estimate the likelihood that a
given password was a word, and thus potentially vulnerable to a dictionary
attack.

Has anyone heard of attempts to turn this around, and use the Markov model
to generate candidate passwords for a dictionary attack? I suppose I'm
looking for an algorithm that might generate passwords containing shorter
words concatenated together before it generates longer but less common words.

This would essentially be the "killer" dictionary attack, since it wouldn't
even need a precompiled dictionary, other than the model statistics.

Anyone remember a reference to any of this?


Rick.
smith () securecomputing com
"Internet Cryptography" at http://www.visi.com/crypto/
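
Added example, not part of the message above or of the paper it recalls: one way to write the proactive check the message describes, scoring a candidate password with digram (first-order Markov) statistics and rejecting it when its letter transitions are more predictable than random letters would be. The training word list, the 0.9 weighting and the uniform-letters threshold are assumptions chosen for illustration.

```python
import math
from collections import Counter

# Constructed training list; a real checker would be trained on a large dictionary.
WORDS = ("password secret letter master winter summer dragon monkey shadow "
         "welcome internet computer security firewall wizard network system "
         "orange sunshine freedom").split()

ALPHABET = 26
LAMBDA = 0.9                       # assumed weight on the observed digram frequency
FLOOR = (1 - LAMBDA) / ALPHABET    # probability given to a digram never seen in training
UNIFORM = math.log2(1 / ALPHABET)  # per-transition score of uniformly random letters


def train(words):
    """Count digrams (a, b) and how often each letter a is followed by anything."""
    pairs, context = Counter(), Counter()
    for word in words:
        for a, b in zip(word, word[1:]):
            pairs[a, b] += 1
            context[a] += 1
    return pairs, context


def score(password, model):
    """Mean log2 probability per transition under the first-order Markov model."""
    pairs, context = model
    text = password.lower()
    logs = []
    for a, b in zip(text, text[1:]):
        seen = pairs[a, b] / context[a] if context[a] else 0.0
        logs.append(math.log2(LAMBDA * seen + FLOOR))
    # A password too short to contain a transition carries no evidence either way.
    return sum(logs) / len(logs) if logs else math.log2(FLOOR)


def is_wordlike(password, model):
    """Reject when the password is more predictable than random letters would be."""
    return score(password, model) > UNIFORM


MODEL = train(WORDS)

if __name__ == "__main__":
    for candidate in ("firewall", "winterdragon", "Pass1234", "xqzjvkpw"):
        print(f"{candidate:14} {score(candidate, MODEL):7.2f} "
              f"{'reject' if is_wordlike(candidate, MODEL) else 'accept'}")
```

Because the model scores transitions rather than looking up whole words, it also flags a concatenation of two dictionary words that appears in no word list.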


