Notes

Experience so far with passwords:

One was a three word phrase (in full rockyou.txt)

Another one was the word "secret", or something or other (in common passwords/short password list)

Latest:

common word + 2 digits (another terrible one - top 1 mil pws, alleged gmail passwords, rockyou)

8 digits, first 6 prime numbers (this one is terrible - top 1 mil pws, alleged gmail, honeynet, md5decryptor, mil-dic, rockyou)

two names put together (in alleged gmail passwords)

Rules gathered from this:

• Make good use of rockyou - it has EVERYTHING.
• Certain numbers are more common, like 33. Certain words match certain patterns. Like, imnumber and a number
• Numbers only - there are lots of numbers-only passwords that are patterns (most in rockyou, lots that are strange). These are basically THE lowest-hanging fruit.
• Appended numbers - start with the easy ones. low-hanging fruit.

Strategies:

• There are a lot of strategies that could be implemented to speed things up and make efficient use of things like common pin numbers, common number pws, common words, etc.
• This was the intention behind some of the scripts I wrote, but those have turned out to be more of a scheduling/maintenance/record-keeping thing, than anything else. It's mainly a collection of dictionaries and rules, used in combination. Use these dictionaries, apply these rules.
• Better approach would involve more stacked/layering. More autonomy.

Ideas

Better implementation:

• Attack with known passwords
• Also attack with generated passwords

To generate:

• Use a series of plain English dictionaries, all lowercase
  • Most common 1,000 words, most common 10,000 words
  • Cities - sportsball - teams, buildings, boroughs, streets
  • Most common 1,000 or 10,000 Spanish/French/German words
• Words + 1 number
• Words + 2 numbers
• Words + 1 number + 1 symbol
• Words + 2 numbers + 2 symbols
• 1 number + words
• 2 numbers + words
• 1 number + 1 symbol + words
• 2 numbers + 2 symbols + words
• Letter + Words + ...

etc...