03-04-2015, 03:47 AM
Now that the hashcats can work on file passwords, at the users requests, a question would be if anyone has studied the difference between login passwords and file passwords.
E.g., someone other than the user dictates the rules about what constitutes a valid login password, while the user gets to choose whatever document or archive password they want.
So login passwords are going to have a pattern influenced by constraints that don't apply to file passwords, so they are liable to have different characteristics.
Has this been studied or discussed anywhere?
And would it have any affect on choosing the types of attacks used?
E.g., someone other than the user dictates the rules about what constitutes a valid login password, while the user gets to choose whatever document or archive password they want.
So login passwords are going to have a pattern influenced by constraints that don't apply to file passwords, so they are liable to have different characteristics.
Has this been studied or discussed anywhere?
And would it have any affect on choosing the types of attacks used?