Cryptography Reference
Some modification rules:
Add characters to the beginning or end: xfred, freddy.
Convert to uppercase or lowercase letters: FRED, fred.
Use uppercase for the first letter of the word only: Fred.
Write the word backwards: derF (or combine the last two possibilities: Derf).
Write the word twice: FredFred.
Reflect the word: FredderF.
Overwrite a certain position with a different character: Frxd.
Insert a character in a certain position: Fried.
Replace a character by another one: Frad.
Use parts of the word: red.
Use arbitrary combinations of the possibilities above and their negations.
Some selection rules:
State the minimum and/or maximum length.
Select or exclude words that include certain characters.
Select or exclude certain patterns or numbers of vowel-consonant changes.
Crack uses a special high-performing language for these things. The selection
options can be formulated much more solidly than their equivalent regular
expressions in UNIX tools (such as egrep).
Figure 3.6: Modification and selection rules of Crack.
a user learns that his password was guessed, he will hopefully select a better
one. A security-aware system administrator will pay attention to these things,
just as they will choose a good UNIX password program for defining or
changing passwords. (I can think of goodpasswd under SCO UNIX,
which rejects poor passwords. Unfortunately, it is not common to find such an
important feature.)
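As an added illustration (not from the book, and not Crack's own rule language), the modification rules of Figure 3.6 can be run in reverse when a password is set, so that a choice derivable from a dictionary word is rejected up front. The word list, the function names and the `min_part` threshold are assumptions made for this sketch.

```python
# Added example: proactive password check built on the Figure 3.6 rules.
WORDS = ["fred", "secret", "wombat"]    # constructed sample dictionary

def one_edit_apart(a, b):
    """True if a == b or they differ by one substitution, insertion or deletion."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                     # make a the shorter (or equal) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1                          # skip the common prefix
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]   # at most one overwritten character
    return a[i:] == b[i + 1:]           # exactly one inserted character

def undo_rules(pw):
    """Candidate base strings obtained by reversing the modification rules."""
    p = pw.lower()                      # undo case changes (FRED, Fred)
    found = {p}
    half = len(p) // 2
    if len(p) % 2 == 0 and half:
        first, second = p[:half], p[half:]
        if first == second or first == second[::-1]:
            found.add(first)            # written twice / reflected
    found |= {s[::-1] for s in found}   # written backwards (derF, Derf)
    for s in list(found):               # up to two characters added at either end
        for cut in (1, 2):
            found |= {s[cut:], s[:-cut]}
    return {s for s in found if s}

def derived_from(pw, words=WORDS, min_part=3):
    """Return the dictionary word pw is derivable from, or None."""
    for base in undo_rules(pw):
        for w in words:
            if one_edit_apart(base, w):
                return w                # Frxd, Fried, Frad, xfred
            if len(base) >= min_part and base in w:
                return w                # part of a word (red)
    return None

if __name__ == "__main__":
    for candidate in ["FredderF", "Fried", "Terces99", "Xk7#pQ2v"]:
        print(candidate, "->", derived_from(candidate) or "no dictionary match")
```

A password-change program would call `derived_from` with a full dictionary plus the account's own login and real name, and refuse any password for which it returns a word.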
This is a big deal. Imagine a situation where a company fires an employee.
Maliciously, our ex-employee secretly copies the password file /etc/passwd.