Firewall Wizards mailing list archives
Re: "Proactive" Password Checking
From: Rick Smith <rick_smith () securecomputing com>
Date: Thu, 11 Nov 1999 16:25:13 -0600
This thread got me thinking about something I haven't seen discussed in quite a while (probably because I haven't looked in the right places, but never mind). Several years ago I read a paper that described a password checking procedure based on a Markov model of common English words and phrases. Perhaps it was simply digram statistics; I forget the details. But the basic idea was to use the Markov model to estimate the likelihood that a given password was a word, and thus potentially vulnerable to a dictionary attack. Has anyone heard of attempts to turn this around, and use the Markov model to generate candidate passwords for a dictionary attack? I suppose I'm looking for an algorithm that might generate passwords containing shorter words concatenated together before it generates longer but less common words. This would essentially be the "killer" dictionary attack, since it wouldn't even need a precompiled dictionary, other than the model statistics. Anyone remember a reference to any of this? Rick. smith () securecomputing com "Internet Cryptography" at http://www.visi.com/crypto/
Current thread:
- RE: "Proactive" Password Checking, (continued)
- RE: "Proactive" Password Checking Moore, James (Nov 08)
- RE: "Proactive" Password Checking Russ (Nov 09)
- RE: "Proactive" Password Checking Eric Toll (Nov 10)
- Re: "Proactive" Password Checking Joseph S D Yao (Nov 10)
- Re: "Proactive" Password Checking Alec Muffett (Nov 10)
- RE: "Proactive" Password Checking daN. (Nov 15)
- Re: "Proactive" Password Checking Eric Toll (Nov 10)
- Re: "Proactive" Password Checking Rick Smith (Nov 11)
- Re: "Proactive" Password Checking Eric Budke (Nov 14)
- Message not available
- Re: "Proactive" Password Checking Eric Budke (Nov 17)
- Re: "Proactive" Password Checking Rick Smith (Nov 11)
- Re: "Proactive" Password Checking Rick Smith (Nov 14)
- RE: "Proactive" Password Checking Andreas Gunnarsson (Nov 14)
- Re: "Proactive" Password Checking Dorian Moore (Nov 14)
- Re: "Proactive" Password Checking Joseph S D Yao (Nov 17)
- Re: "Proactive" Password Checking Joseph S D Yao (Nov 17)