Infiltrator
Posted March 20, 2012

Cambridge University Study Says That Multi Word Passphrases Not As Secure As You Might Think

The research paper, by Joseph Bonneau and Ekaterina Shutova, studied data taken from the now-defunct Amazon PayPhrase system (which was only available in the US) to learn how people choose passphrases in general. The pair then set about trying to guess the passphrases using a dictionary attack based on movie titles, sports team names, and other types of proper nouns taken from Wikipedia. Using this method the researchers cracked about 8,000 phrases.

http://www.livehacking.com/2012/03/19/cambridge-university-study-says-that-multi-word-passphrases-not-as-secure-as-you-might-think/

digininja
Posted March 20, 2012

The same argument could be made for any password based on words from a given language, if you make a dictionary with those phrases or strings in them then you will be able to brute force the account. Change the space to a * between words and the dictionary becomes useless.

I've heard some testers have dictionaries which contain famous quotes, phrases and even song lyrics, I've rarely found that going beyond a mix of the Rockyou list and the Websters dictionary is necessary, one of the words or a simple mangle of it will get you in most places.

Infiltrator
Posted March 20, 2012

> Change the space to a * between words and the dictionary becomes useless.

That's exactly what I do, I always place special characters in between the phrases and words.

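As an added example (not code from any poster in this thread), here is a sketch of a check a defender could run when a user sets a passphrase: it normalizes case, separators and a few character substitutions before comparing against a phrase blocklist, so `Dead*Poets*Society` is treated the same as its space-separated form. The blocklist entries, the substitution table and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample blocklist. A real deployment would load far larger lists
# (titles, team names, quotes, leaked passwords) like those named in the thread.
KNOWN_PHRASES = ["dead poets society", "manchester united", "to be or not to be"]

# Assumed table of common character substitutions to undo before comparing.
LEET = str.maketrans("0134578@$", "oleastbas")


def _letters(text):
    """Keep only a-z, so spaces, '*', '_' and digits all disappear."""
    return re.sub(r"[^a-z]", "", text)


BLOCKED = {_letters(p) for p in KNOWN_PHRASES}


def variants(candidate):
    """Normalized forms of a candidate: plain and with substitutions undone."""
    lowered = candidate.lower()
    return {_letters(lowered), _letters(lowered.translate(LEET))}


def screen(candidate):
    """Return (accepted, reason) for a passphrase chosen at set time."""
    for form in variants(candidate):
        for phrase in BLOCKED:
            if form == phrase:
                return (False, "known phrase with different separators or case")
            # A known phrase plus a short suffix or prefix is still that phrase.
            if phrase in form and len(phrase) * 10 >= len(form) * 8:
                return (False, "known phrase with padding")
    return (True, "no blocklist match")


if __name__ == "__main__":
    for sample in ["dead poets society", "Dead*Poets*Society",
                   "d3ad_p03ts_s0ci3ty", "cobalt-anvil-ferry-quince"]:
        print(sample, screen(sample))
```
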
Guest Deleted_Account
Posted March 24, 2012

> The same argument could be made for any password based on words from a given language, if you make a dictionary with those phrases or strings in them then you will be able to brute force the account. Change the space to a * between words and the dictionary becomes useless.
>
> I've heard some testers have dictionaries which contain famous quotes, phrases and even song lyrics, I've rarely found that going beyond a mix of the Rockyou list and the Websters dictionary is necessary, one of the words or a simple mangle of it will get you in most places.

I have Websters, quotes, songs, phrases and so forth. Last I checked it was a 1.3GB file. Mostly from scraping words off of sites like Wikipedia. I also added in those leaked passwords from the anon/lulzsec attacks. Pretty much gets in to anything (that an average person would use).

Infiltrator
Posted March 24, 2012 (edited)

> I have Websters, quotes, songs, phrases and so forth. Last I checked it was a 1.3GB file. Mostly from scraping words off of sites like Wikipedia. I also added in those leaked passwords from the anon/lulzsec attacks. Pretty much gets in to anything (that an average person would use).

There are tools like CeWL, from http://www.digininja.org/projects_general.php that you can use to spider through an entire website and build a list of words it finds. Very handy tool to have, one of my favorites.

digininja
Posted March 24, 2012

Glad you like CeWL.

Guest Deleted_Account
Posted March 26, 2012

> There are tools like CeWL, from http://www.digininja.org/projects_general.php that you can use to spider through an entire website and build a list of words it finds. Very handy tool to have, one of my favorites.

Thanks! I will have to check it out. Sounds interesting.