1996-07-09 - Re: Word lists for passphrases

Header Data

From: Alan Olsen <alano@teleport.com>
To: ncognito@gate.net (Ben Holiday)
Message Hash: a116e17a47f49404b0e28fa03d19b37e338b0a6b62d28989abb1b17100dbfbcc
Message ID: <2.2.32.19960709044304.00b09650@mail.teleport.com>
Reply To: N/A
UTC Datetime: 1996-07-09 09:19:08 UTC
Raw Date: Tue, 9 Jul 1996 17:19:08 +0800

Raw message

From: Alan Olsen <alano@teleport.com>
Date: Tue, 9 Jul 1996 17:19:08 +0800
To: ncognito@gate.net (Ben Holiday)
Subject: Re: Word lists for passphrases
Message-ID: <2.2.32.19960709044304.00b09650@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:10 PM 7/8/96 -0500, Igor Chudov @ home wrote:
>Ben Holiday wrote:
>> If you have access to a shell, and to the news spool, you can generate
>> some quick lists by hopping into the directory of any newsgroup that
>> interests you and doing:
>> 
>> cat * | tr -cs A-Za-z '\n' | tr A-Z a-z | sort | uniq > my-big-ol-wordlist
>> 
>> With most unixes that will generate an alphabetized list of all the unique
>> words in your source text, converted to lowercase. I've had some problems
>> with tr on a few machines, however. Adding a '-c' after 'uniq' will tell
>> you how many times each word occured (useful for grepping out words that
>> appear too infrequently, or too frequently) .. 
>
>Actually I am fairly sure that your selection of words will be mediocre
>at best. There are words (such as nethermost, insatiable, insufferable)
>that are almost never used in news.

If the purpose is for use with "Crack" or some similar program, it might be
better than you would think.  You won't get the "unusual" words, but you
will also get the words in common usage that do not appear in dictionaries.
(Such as fnord, jedi, killfile, and the like...)  You will also get alot of
proper names, which may have been used as passwords.  The idea is that words
in common usage may be more likely to be used as passwords.

Another thing to look for when choosing dictionaries/wordlists for crack is
not sticking to english.  If you have a userbase that is known to have a
certain percentage of people of a non-english background, you will want to
find lists of words from that background.  (I had a sysadmin asking me about
Yiddish and Hebrew wordlists for just that reason.)  These can be a bit
harder.  (Especially for unusual languages.)  But knowing your userbase can
make all the difference in what it might take to crack the passwords from
the outside.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."







Thread