Dictionary for long passwords - Tips and ideas
#5
(08-08-2018, 10:36 AM)DanielG Wrote: Unfortunately Cambridge University didn't post it (anywhere I could find), but researchers are nice people so you could try contacting the people in the paper.

You could look at https://github.com/Phildo/expandpass to make lists, this allows you to define lists and rules and feed it into hashcat.
For the wordlist with "movie titles, sport team names, books, names of places and people, as well as commonly used words" you must again consider the possible combinations. Every word you add multiplies your search time. The reason passphrases work so good is because with a bit of imagination you can come up with a non standard phrase that is practically uncrackable.

You mentioned Diceware, if you would follow the most standard instructions (roll for a group of five) then you will need to bruteforce a space of '64.6 bits'. Again on a GTX 1070Ti FE (40000 MH/s for NTLM) this would take 22 years to process.

Don't underestimate the power of throwing a few words together.

My best guess is to make a dictionary with commonly used phrases, start them with a uppercase letter and add an exclamation mark at the end and see how long that takes to process. Don't start with adding symbols/years or other more complex things.

Thank you so much for the help! I definitely feel like I now have more grasp on what would be a feasible approach to this :-)


Messages In This Thread
RE: Dictionary for long passwords - Tips and ideas - by eriden - 08-08-2018, 11:42 AM