[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Word lists for passphrases




| It is pretty easy to defend against dictionary attacks by using an expanded
| character set--mixed caps and lower case; numbers substituted for some
| letters according to easily-remembered personal rules.
| 
| "Da5id" in "Snow Crash" by Neal Stephenson is an obvious example, since the
| "v" is a roman numeral 5. Another is the "Compuserve method" of inserting
| punctuation characters between words making up a password or key. Since the
| length of the words used is unknown to the cracker, this makes his job
| harder.

You should on the other hand be able to use the username as an indicator
of what kind of password it is;
user "warez" / pass "warez" (but better check the home directory for MS Word)
user "l0pht" / pass "'l33t"
user "feh" / pass "uk4n+r3dt13" (look for zines)

Actually, these kids believe the language they use are hiding them, but I
bet that the letter digrams they present is a immediate marker of "H4k3rz".
It's definitively better than searching for normal "elite, hacker, phracker,
exploit". I just used "l33t" (52), "d00d" (742), "h4qu3r" (5), "sux" (4053)
on AltaVista, to name a few.

-cwe