Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CANWtx01QNdq=dyq0Dg9fxODjMUSTJJXPWknAA4+-bFq4ugMw3g@mail.gmail.com>
Date: Thu, 11 Jun 2015 10:47:06 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: PRINCE mode: sequence of generated passwords

On Thu, Jun 11, 2015 at 4:32 AM, Frank Dittrich
<frank.dittrich@...lbox.org> wrote:
> How hard would it be to implement another sequence (controlled by an
> additional --prince-* option)?
> The alternative sequence should assume that words on top of the password
> list are more likely.
Most of my wordlists are sorted by alphabet, I know most peoples are
probably too.

> Another alternative would assign a weight to each word (depending on the
> position in the word list), and then generate the sequence according to
> the total weight (e.g., the sum of weight of each word).
> This might be harder to implement efficiently, but would prefer
> combinations of two words over combinations of three words.
I've postulated about something like this in the past, I didn't
expound on it, and this was before Prince was a thing, and then when
it was :)
http://www.openwall.com/lists/john-users/2012/11/16/10
http://www.openwall.com/lists/john-users/2014/12/10/5
The users I train for Security Awareness, I tell them to use
misspellings and homophones and length, and it's harder for me to
crack them next quarter.
https://xinn.org/blog/Choosing-Stronger-Passwords.html
-rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.