Posts: 46
Threads: 9
Joined: Apr 2014
(08-16-2016, 01:36 AM)jodler303 Wrote:
grep "1a2s3d4f" 10-million-combos.txt | wc -l
176
grep "1a2s3d" 10-million-combos.txt | wc -l
266
grep "adgjl" 10-million-combos.txt | wc -l
70
grep "qetu" 10-million-combos.txt | wc -l
163
grep "123zxc" 10-million-combos.txt | wc -l
365
grep "1234zxcv" 10-million-combos.txt | wc -l
85
grep "1234asdf" 10-million-combos.txt | wc -l
105
grep "123asd" 10-million-combos.txt | wc -l
542
grep "qzwxec" 10-million-combos.txt | wc -l
104
grep "1z2x3c4v" 10-million-combos.txt | wc -l
161
Values for comparison (keyboard walks without "skip"):
grep "asdfgh" rockyou.txt | wc -l
518
grep "qwerty" rockyou.txt | wc -l
1775
grep "qwertz" rockyou.txt | wc -l
53
As expected, the counts are lower than with simpler non-skipping walks. It's not nothing, though. I'll let you guys decide if that's worth further work or not. I just came up with the idea because I thought I'd use it myself if someone asked/forced me to do a keyboard walk.
Some people seem to be really creative about their skipping tactics. Most of the "funny ideas" I've tried within the last minutes would find at least one match:
grep "1awx3drv" 10-million-combos.txt | wc -l
1
grep "piyrw" 10-million-combos.txt | wc -l
13
grep "ljgda" 10-million-combos.txt | wc -l
10
grep "1z2x3c4v5b" 10-million-combos.txt | wc -l
76
Interesting. Thanks! I'd say the numbers are compelling enough to have a solution. Just my opinion.
Posts: 87
Threads: 4
Joined: Dec 2015
08-16-2016, 01:13 PM
(This post was last modified: 08-16-2016, 01:59 PM by jodler303.)
BTW another tool that I'm currently looking for, although that's really a different topic, is:
"take a sentence and only use the first letter of each word"
I've also used this a lot for my own passwords in the past, before I moved on to passwords created by a password generator. I first saw this already 20 years ago, with "Our father who art in Heaven, ..." which would result in ofwaih. In fact it took several years to find out where "vuihgwdn" came from; that's the German version, "Vater unser im Himmel, geheiligt werde dein Name. ...". Actually a priest told me years later, because he recognized the pattern LOL.
# our father who art in heaven ...
grep "ofwaih" 10-million-combos.txt | wc -l
6
# timsp = this is my secret password
grep -i "timsp" 10-million-combos.txt | wc -l
26
# my dirty little secret
grep -i "mdls" 10-million-combos.txt | wc -l
15
But the counts are quite low. - Might be unattractive for hashdump cracking, but if you need "that one single password" any candidate is a win, right?
--
edit:
And yet another idea: SSIDs that are not pre-defined defaults are also user-chosen strings and therefore might be a source for additional statistics. As most of you know there are databases like wigle.net, so maybe it's also worth a try getting all user-defined SSIDs and see how they perform on password cracking. I have seen SSIDs that are actually keyboard walks (therefore also potentially a password somewhere else), and other SSIDs that just look like a password. Many will be useless, though. - However, simple scenario: a reversed SSID might just be the password for that wifi. - Many places like bars and restaurants had similar wifi passwords (in the sense of low Levenshtein distance) which were closely related to the SSID. And so on ...
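Seen from the defending side, both habits in the post above (first-letter acronyms of well-known sentences, and Wi-Fi passphrases derived from the SSID) can be checked when a passphrase is set. The following is an added example, not code from any poster in this thread; the phrase list, the SSID "JosCafe" and the function names are constructed for illustration.

```python
# Added example: audit a passphrase for the two habits described in the post.
# KNOWN_PHRASES and any SSID passed in are constructed sample data.
KNOWN_PHRASES = [
    "Our father who art in Heaven",
    "Vater unser im Himmel, geheiligt werde dein Name",
    "this is my secret password",
]


def acronym(sentence):
    """First letter of each word, lower-cased ("this is my ..." -> "timsp")."""
    return "".join(w[0] for w in sentence.lower().split() if w[0].isalnum())


def levenshtein(a, b):
    """Edit distance, computed with the classic two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit(passphrase, ssid=None, max_dist=2):
    """Return the reasons a passphrase is guessable from public context."""
    pw, reasons = passphrase.lower(), []
    for phrase in KNOWN_PHRASES:
        if acronym(phrase) in pw:
            reasons.append("acronym of: " + phrase)
    if ssid:
        s = ssid.lower()
        if pw == s[::-1]:
            reasons.append("reversed SSID")
        elif levenshtein(pw, s) <= max_dist:
            reasons.append("within edit distance %d of SSID" % max_dist)
    return reasons


if __name__ == "__main__":
    for pw, ssid in [("vuihgwdn", None), ("efaCsoJ", "JosCafe"), ("joscafe1", "JosCafe")]:
        print(pw, ssid, audit(pw, ssid))
```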
Posts: 5,185
Threads: 230
Joined: Apr 2010
I had the same thoughts initially, but after some time I came to the conclusion that there needs to be some limit. There needs to be a hard limit of what is a keyboard walk. The only thing that made sense was to use only adjacent tiles. Everything else leads to an unlimited number of patterns, like this circle: 1v2c3x4zrafq, but that's not a keyboard walk for me anymore.
Posts: 5,185
Threads: 230
Joined: Apr 2010
OK, I just pushed the discussed feature to the GitHub repo. The kwp now is able to "jump over" a key, for example to generate a password like "a13d". This means it's no longer bound to just adjacent tiles. The default is set to not jump over a key, but you can use the new parameters:
--keywalk-distance-min
--keywalk-distance-max
To define a range for that. For example, for the password above you need route "111" stored in "r" and use this command:
Code:
./kwp basechars/tiny.base keymaps/en.keymap r -n 2 -x 2 -0 | grep 1a3d
1a3d
The implementation is now using an 834-dimensional configuration, which is just important to know if you're writing a new route. For example, the chunk "1ay", which both is basically 2*SOUTH, is not "2" as you might think. It's "11", because SOUTH+basic-mod+distance-1 is different to SOUTH+basic-mod+distance-2.
--
I've also added a new route 2-to-4-exhaustive-prince.route which simply produces all keyboard-walk chunks of length 2 to 4. With this, used in combination with princeprocessor, you can generate extremely complex keyboard-walk patterns of any length. Note that princeprocessor supports reading from stdin, so you can pipe kwp to pp :)
--
atom
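The same distance range is useful on the defending side, where a password policy or audit needs to recognise skip walks such as "1a3d" and not only adjacent-tile walks. The following is an added example, not kwp code and not from any poster in this thread. It assumes an idealised US layout with rows aligned by column index and measures a step as the Chebyshev distance between keys, which is a simplification and not kwp's keymap or route model.

```python
# Added example: detect keyboard walks, including "jump over a key" walks.
# Assumption: idealised column-aligned US rows; kwp's own keymaps and its
# direction/modifier/distance model are not reproduced here.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def step_distance(a, b):
    """Chebyshev distance between two keys, or None if either is off the grid."""
    if a not in POS or b not in POS:
        return None
    (r1, c1), (r2, c2) = POS[a], POS[b]
    return max(abs(r1 - r2), abs(c1 - c2))


def longest_walk(password, dist_min=1, dist_max=1):
    """Length of the longest run in which every step between consecutive
    characters has a distance within [dist_min, dist_max]."""
    pw = password.lower()
    best = run = 0
    for i, ch in enumerate(pw):
        if ch not in POS:          # symbol or unmapped key breaks the walk
            run = 0
            continue
        d = step_distance(pw[i - 1], ch) if run else None
        run = run + 1 if d is not None and dist_min <= d <= dist_max else 1
        best = max(best, run)
    return best


def min_walk_distance(password, min_len=4, search_max=3):
    """Smallest dist_max at which the password contains a walk of at least
    min_len keys, or None if there is none up to search_max."""
    for d in range(1, search_max + 1):
        if longest_walk(password, 1, d) >= min_len:
            return d
    return None


if __name__ == "__main__":
    # Strings quoted in the thread, plus one constructed non-walk.
    for pw in ["qwerty", "1a3d", "1a2s3d4f", "adgjl", "1z2x3c4v", "T7#kPz"]:
        print(pw, min_walk_distance(pw))
```

Widening the range also matches ordinary words: under this model "correct" contains a 4-key run at distance 2, so the minimum length has to grow with the distance limit.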