11-02-2015, 04:34 AM

15+ character passwords. Dictionaries and rule mangling have worked better than I expected, specifically the human0id lists. Sports teams and book titles were the low-hanging fruit. Combining firstname/firstname and firstname/lastname dictionaries also provided a number of hits. Combining generic dictionaries wasn’t too successful by itself, but using morph to create insert rules against the combined lists was productive. I had some success with phrases but for some reason they all used l33t speak. I’m assuming user training used something similar as an example.
I used cewl to create some lists and mangle them. This found a few. Keyboard combinations were a bust. I was sure I would hit on one or two.
Brute-force and mask are not really an option at this length. Hybrid won’t work because of how the passwords are allowed to be crafted. I haven’t tried permutation yet and I don’t think I have cracked enough to use fingerprint attack.
I used prince to feed a rule-based attack but didn’t get any hits. This surprised me a little. It could be I need a better prince dictionary strategy for long passwords. I personally think finding a way to craft phrases and sentences quickly will be the death knell to passwords. I might try aprizm's idea and combinator (noun, verb, adjective, noun) for giggles.
So far I’ve cracked about 15% of the total. My gut tells me dictionary attacks with rules are the way to go but mostly I’m fishing for ideas. I haven't found a lot of discussions in open forums on the specifics of 15+ cracking.
r
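
A defender's counterpart to the findings in the post above, as an added example that is not part of the original post: a password-change screen that flags 15+ character candidates which reduce to dictionary words once leetspeak, separators and bolted-on digits are removed. The wordlist, substitution table and function names are constructed for illustration.

```python
import re

# Constructed sample wordlist (assumption); a real screen would load first
# names, surnames, team names, book titles and common words from files.
WORDS = {"michael", "jennifer", "johnson", "steelers", "correct", "horse",
         "battery", "staple", "love", "the", "i"}

# Common leetspeak substitutions, mapped back to plain letters.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def segment(text, words=WORDS, max_word=20):
    """Split text into the fewest dictionary words covering it, else None."""
    best = [None] * (len(text) + 1)
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(max(0, end - max_word), end):
            piece = text[start:end]
            if best[start] is not None and piece in words:
                cand = best[start] + [piece]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return best[-1]

def dictionary_parts(password, words=WORDS):
    """Return the word list a password reduces to, or None if it does not."""
    lowered = password.lower()
    # Second variant drops digits/symbols bolted onto either end ("...1985!").
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    for variant in (lowered, trimmed):
        # Undo leetspeak, then drop separators and any leftover non-letters.
        plain = re.sub(r"[^a-z]", "", variant.translate(LEET))
        parts = segment(plain, words)
        if parts:
            return parts
    return None

if __name__ == "__main__":
    # Constructed candidates, all 15+ characters.
    for pw in ("MichaelJohnson1985", "I-l0v3-th3-5t33l3r5!",
               "correct horse battery staple", "xK9#qLm2$vTz8!pWr"):
        print(f"{pw!r}: {dictionary_parts(pw)}")
```

A non-None result means the candidate passes a length-only policy yet is built entirely from list words, so the screen should reject it regardless of length.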
	
	
	
	
