ICIW2008: Using Markov Models to Crack Passwords

Reiner van Heerden, CSIR Pretoria, South Africa

  • passwords are part of everyday life
  • password model
    • crack passwords
    • measure strength
  • suggested rules
    • upper & lower case
    • numerals
    • 8 character minimum
    • no dictionary words
    • no names
    • easy to remember
  • People keep using a single password for everything
  • Asdf1234
    • follows those rules
    • possible patterns
      • start w/ cap
      • follow w/ keyboard sequences
      • end w/ numerals
  • tradeoff between security & memory
    • avg length 7-8 char
    • advice usually ignored
    • dictionary words & numbers are popular
    • special char use limited
    • memory is the key factor of choice
  • Markov model
    • sequence of events for which… just see the photos
  • Results (see photo, actually very interesting)
  • Uses
    • defensively as a password strength evaluator
    • offensively as a tool to enhance password guessing
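
The defensive use noted above, as an added example that is not code from the talk: a character-level Markov model scores a candidate password by how predictable its character transitions are. The first-order model, the add-one smoothing and the small training list are assumptions made for illustration.

```python
import math
from collections import defaultdict

# Constructed training list standing in for a real corpus of common passwords.
TRAINING = ["password1", "Password1", "asdf1234", "Asdf1234", "qwerty123",
            "letmein1", "welcome1", "Qwerty12", "summer2008", "monkey12",
            "dragon99", "master123", "sunshine1", "iloveyou1", "abc12345"]

START, END = "\x02", "\x03"   # markers for the start and end of a password
ALPHABET_SIZE = 95 + 1        # printable ASCII plus the END marker


def train(passwords):
    """Count first-order transitions: counts[prev][next] over all passwords."""
    counts = defaultdict(lambda: defaultdict(int))
    for pw in passwords:
        prev = START
        for ch in pw + END:
            counts[prev][ch] += 1
            prev = ch
    return counts


def bits(model, password):
    """Return -log2 P(password) under the model (higher means less predictable)."""
    total = 0.0
    prev = START
    for ch in password + END:
        row = model.get(prev, {})
        # Add-one smoothing so unseen transitions get a small non-zero probability.
        p = (row.get(ch, 0) + 1) / (sum(row.values()) + ALPHABET_SIZE)
        total -= math.log2(p)
        prev = ch
    return total


MODEL = train(TRAINING)

if __name__ == "__main__":
    # "Asdf1234" satisfies the suggested rules but follows the common pattern;
    # "Qwer1234" is not in the training list yet reuses its transitions.
    for candidate in ["Asdf1234", "Qwer1234", "x7#Kq!2v"]:
        print(f"{candidate}: {bits(MODEL, candidate):.1f} bits")
```

All three candidates are eight characters long, so the difference in score comes only from how closely each follows the patterns the model has learned.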