New Tool: kwprocessor
#11
(08-16-2016, 01:36 AM)jodler303 Wrote: grep "1a2s3d4f" 10-million-combos.txt | wc -l
176

grep "1a2s3d" 10-million-combos.txt | wc -l
266

grep "adgjl" 10-million-combos.txt | wc -l
70

grep "qetu" 10-million-combos.txt | wc -l
163

grep "123zxc" 10-million-combos.txt | wc -l
365

grep "1234zxcv" 10-million-combos.txt | wc -l
85

grep "1234asdf" 10-million-combos.txt | wc -l
105

grep "123asd" 10-million-combos.txt | wc -l
542

grep "qzwxec" 10-million-combos.txt | wc -l
104

grep "1z2x3c4v" 10-million-combos.txt | wc -l
161



Values for comparison (keyboard walks without "skip"):

grep "asdfgh" rockyou.txt | wc -l
518

grep "qwerty" rockyou.txt | wc -l
1775

grep "qwertz" rockyou.txt | wc -l
53


As expected the counts are less than with simpler non-skipping walks. It's not nothing, though. I let you guys decide if thats worth further work, or not. I just came up with the idea because i thought i'd use it myself if someone asked/forced me to do a keyboard walk.


Some people seem to be really creative about their skipping tactics. Most of the "funny ideas" i've tried within the last minutes would find at least one match:

grep "1awx3drv" 10-million-combos.txt | wc -l
1

grep "piyrw" 10-million-combos.txt | wc -l
13

grep "ljgda" 10-million-combos.txt | wc -l
10

grep "1z2x3c4v5b" 10-million-combos.txt | wc -l
76

Interesting. Thanks! I'd say the numbers are compelling enough to have a solution. Just my opinion.
Reply
#12
BTW another tool that i'm currently looking for, although that's really a different topic, is:

"take a sentence and only use the first letter of each word"

I've also used this a lot for my own passwords in the past, before i moved on to passwords created by a password generator. - I have seen this the first time already 20 years ago, with "Our father who art in Heaven, ..." which would result in ofwaih. In fact it took several years to find out where "vuihgwdn" came from, thats the german version "Vater unser im Himmel, geheiligt werde dein Name. ...". Actually a priest told me years later, because he did recognize the pattern LOL.

# our father who art in heaven ...
grep "ofwaih" 10-million-combos.txt | wc -l
6

# timsp = this is my secret password
grep -i "timsp" 10-million-combos.txt | wc -l
26

# my dirty little secret
grep -i "mdls" 10-million-combos.txt | wc -l
15

But the counts are quite low. - Might be unattractive for hashdump cracking, but if you need "that one single password" any candidate is a win, right?


--
edit:
And yet another idea: SSIDs that are not pre-defined defaults are also user-chosen strings and therefore might be a source for additional statistics. As most of you know there are databases like wigle.net, so maybe it's also worth a try getting all user-defined SSIDs and see how they perform on password cracking. I have seen SSIDs that are actually keyboard walks (therefore also potentially a password somewhere else), and other SSIDs that just look like a password. Many will be useless, though. - However, simple scenario: a reversed SSID might just be the password for that wifi. - Many places like bars and restaurants had similar wifi passwords (in the sense of low levenshtein distance) which were closely related to the SSID. And so on ...
Reply
#13
I had the same thoughts initially, but after some time I came to the conclusion that there needs to be some limit. There needs to be a hard limit of what is a keyboard walk. The only thing that made sense was to use only adjacent tiles. Everything else to an unlimited number of pattern, like this circle: 1v2c3x4zrafq but that's not a keyboard walk for me anymore.
Reply
#14
OK, I just pushed the discussed feature to the GitHub repo. The kwp now is able to "jump over" a key, for example to generate a password like "a13d". This means it's no longer bound to just adjacant tiles. The default is set to not jump over a key, but you can use the new parameter:

--keywalk-distance-min
--keywalk-distance-max

To define a range for that. For example for the password above you need route "111" stored in "r" and use this command:

Code:
./kwp basechars/tiny.base keymaps/en.keymap r -n 2 -x 2 -0 | grep 1a3d
1a3d

The implementation is now using a 834-dimensional configuration, which is just important to know if you're writing a new route. For example, the chunk "1ay", which both is basically 2*SOUTH, is not "2" as you might think. It's "11", because SOUTH+basic-mod+distance-1 is different to SOUTH+basic-mod+distance-2.

--

I've also added a new route 2-to-4-exhaustive-prince.route which simply produces all keyboard-walk chunks of length 2 to 4. With this, using in combination with princeprocessor, you can generate extreme compley keyboard-walk pattern of any length. Note that princeprocessor supports reading from stdin, so you can pipe kwp to pp :)

--

atom
Reply