
HPR3107: Generating comfortable passwords


Podcast | Direct link: hackerpublicradio.org

Random Password Generation

First implementation: 14 characters long, with 6 letters and 8 digits.

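#!/usr/bin/env python3
# file: passgen-v1.py

import random

# Passwords need an unpredictable source: the module-level functions in
# `random` use the Mersenne Twister, SystemRandom draws from the OS CSPRNG.
rng = random.SystemRandom()

LETTERS = "abcdefghijklmnopqrstuvwxyz"

if __name__ == "__main__":

    passwd = []

    # 6 lowercase letters
    for i in range(6):
        passwd.append(rng.choice(LETTERS))

    # followed by 8 digits
    for i in range(8):
        passwd.append(rng.choice("1234567890"))

    print("".join(passwd))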

The passwords that come out of this are a bit difficult to type, so I forced it to alternate between the left and right hands.

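#!/usr/bin/env python3
# file: passgen-v2.py

import random

# Passwords need an unpredictable source: the module-level functions in
# `random` use the Mersenne Twister, SystemRandom draws from the OS CSPRNG.
rng = random.SystemRandom()

# keys under the left and right hand (dvorak)
LEFTS = "',.pyaoeui;qjkx"
# each key listed once; a repeated "dh" would make d and h twice as likely
RIGHTS = "fgcrldhtns-bmwvz"

if __name__ == "__main__":

    passwd = []

    # 6 characters, alternating left hand / right hand
    for i in range(6):
        if i % 2 == 0:
            passwd.append(rng.choice(LEFTS))
        else:
            passwd.append(rng.choice(RIGHTS))

    # 8 digits, alternating left-hand digits / right-hand digits
    for i in range(8):
        if i % 2 == 0:
            passwd.append(rng.choice("123456"))
        else:
            passwd.append(rng.choice("7890"))

    print("".join(passwd))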

Switching between the left and right hands with strict regularity (intuitively, and almost surely) decreases the entropy of the password, so use a Markov model to make the switch happen most of the time but, critically, NOT enforce it.

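#!/usr/bin/env python3
# file: passgen-v3.py

import random

# Passwords need an unpredictable source: the module-level functions in
# `random` use the Mersenne Twister, SystemRandom draws from the OS CSPRNG.
rng = random.SystemRandom()

# character classes = states of the chain (L = left hand, R = right hand)
Ls = [
    "aoeui",  # L1
    "',.py",  # L2
    ";qjkx",  # L3
    "123456", # L4
    "-snthd", # R1
    "lrcgf",  # R2
    "zvwmb",  # R3
    "7890"    # R4
]

# transition matrix: A[i][j] = probability of moving from class i to class j
A = [[ .03,  .03,  .03, .01,  .27,  .27,  .27, .09],
     [ .03,  .03,  .03, .01,  .27,  .27,  .27, .09],
     [ .03,  .03,  .03, .01,  .27,  .27,  .27, .09],
     [.004, .003, .003, .09,  .03,  .03,  .03, .81],
     [ .27,  .27,  .27, .09,  .03,  .03,  .03, .01],
     [ .27,  .27,  .27, .09,  .03,  .03,  .03, .01],
     [ .27,  .27,  .27, .09,  .03,  .03,  .03, .01],
     [ .03,  .03,  .03, .81, .004, .003, .003, .09]]

# distribution of the starting class
pi = [ .41, .03, .03, .03, .41, .03, .03, .03]

def sample( l ):
    # draw an index from the discrete distribution l (inverse CDF)
    l_partial = [ sum(l[:i+1],0) for i in range(len(l))]
    u = rng.uniform(0,1)
    for j,v in enumerate(l_partial):
        if v > u:
            return j
    # float rounding can leave the last partial sum just below 1
    return len(l) - 1

if __name__ == "__main__":

    passwd = []

    s = sample(pi)
    for i in range(20):
        s = sample(A[s])
        passwd.append(rng.choice(Ls[s]))

    print("".join(passwd))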
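To put numbers on the entropy argument above, the following added example (not part of the original show notes) computes the Shannon entropy of each generator so far: the fixed layouts of v1 and v2, and the exact value for the v3 Markov chain, next to a uniform pick from the same 41 characters. The helper names (`H`, `fixed_layout_bits`, `step`, `markov_bits`, `report`) are hypothetical, and the v2 figure assumes 16 distinct right-hand keys.

```python
from math import log2

# Classes, matrix and start vector copied from passgen-v3.py above.
Ls = ["aoeui", "',.py", ";qjkx", "123456", "-snthd", "lrcgf", "zvwmb", "7890"]
A = ([[.03, .03, .03, .01, .27, .27, .27, .09]] * 3
     + [[.004, .003, .003, .09, .03, .03, .03, .81]]
     + [[.27, .27, .27, .09, .03, .03, .03, .01]] * 3
     + [[.03, .03, .03, .81, .004, .003, .003, .09]])
pi = [.41, .03, .03, .03, .41, .03, .03, .03]

def H(p):
    """Shannon entropy (bits) of a probability vector."""
    return -sum(x * log2(x) for x in p if x > 0)

def fixed_layout_bits(set_sizes):
    """Entropy when position k is uniform over set_sizes[k] characters."""
    return sum(log2(n) for n in set_sizes)

def step(p, A):
    """Push a state distribution through one transition of the chain."""
    return [sum(p[i] * A[i][j] for i in range(len(p))) for j in range(len(A[0]))]

def markov_bits(pi, A, Ls, n):
    """Exact entropy of an n-character v3 password (upper-casing not counted)."""
    # The classes are disjoint, so each character reveals its state:
    # total = H(state sequence) + expected log2(class size) per position.
    p = step(pi, A)  # the start state is sampled but never emitted
    bits = H(p)
    for t in range(n):
        bits += sum(p[s] * log2(len(Ls[s])) for s in range(len(Ls)))
        if t < n - 1:
            bits += sum(p[s] * H(A[s]) for s in range(len(Ls)))
            p = step(p, A)
    return bits

def report():
    """Bits for v1, v2, the 20-character v3 chain, and 20 uniform characters."""
    return {
        "v1": fixed_layout_bits([26] * 6 + [10] * 8),
        "v2": fixed_layout_bits([15, 16] * 3 + [6, 4] * 4),
        "v3_markov_20": markov_bits(pi, A, Ls, 20),
        "uniform_20": 20 * log2(sum(len(c) for c in Ls)),
    }

if __name__ == "__main__":
    for name, bits in report().items():
        print(f"{name:13s} {bits:6.1f} bits")
```

The gap between `v3_markov_20` and `uniform_20` is what the typing comfort costs in bits at that length.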

For increased entropy, one should also consider peppering in a few uppercase characters.

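#!/usr/bin/env python3
# file: passgen-v3.py

import random

# Passwords need an unpredictable source: the module-level functions in
# `random` use the Mersenne Twister, SystemRandom draws from the OS CSPRNG.
rng = random.SystemRandom()

# character classes = states of the chain (L = left hand, R = right hand)
Ls = [
    "aoeui",  # L1
    "',.py",  # L2
    ";qjkx",  # L3
    "123456", # L4
    "-snthd", # R1
    "lrcgf",  # R2
    "zvwmb",  # R3
    "7890"    # R4
]

# transition matrix: A[i][j] = probability of moving from class i to class j
A = [[ .03,  .03,  .03, .01,  .27,  .27,  .27, .09],
     [ .03,  .03,  .03, .01,  .27,  .27,  .27, .09],
     [ .03,  .03,  .03, .01,  .27,  .27,  .27, .09],
     [.004, .003, .003, .09,  .03,  .03,  .03, .81],
     [ .27,  .27,  .27, .09,  .03,  .03,  .03, .01],
     [ .27,  .27,  .27, .09,  .03,  .03,  .03, .01],
     [ .27,  .27,  .27, .09,  .03,  .03,  .03, .01],
     [ .03,  .03,  .03, .81, .004, .003, .003, .09]]

# distribution of the starting class
pi = [ .41, .03, .03, .03, .41, .03, .03, .03]

# probability of upper-casing a character
UPPER=.1

def sample( l ):
    # draw an index from the discrete distribution l (inverse CDF)
    l_partial = [ sum(l[:i+1],0) for i in range(len(l))]
    u = rng.uniform(0,1)
    for j,v in enumerate(l_partial):
        if v > u:
            return j
    # float rounding can leave the last partial sum just below 1
    return len(l) - 1

if __name__ == "__main__":

    passwd = []

    s = sample(pi)
    for i in range(20):
        s = sample(A[s])
        c = rng.choice(Ls[s])
        u = rng.uniform(0,1)
        if u < UPPER:
            # upper() leaves digits and punctuation unchanged
            c = c.upper()
        passwd.append(c)

    print("".join(passwd))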

Finally, generating the matrix by hand was a bit of a pain, so I made it a bit easier by making a small procedure with a few control knobs (the variables SWITCH_HAND and SWITCH_CHAR, which control how likely it is that a character pair will result in a hand switch, or a switch between general characters and digits).

#!/usr/bin/env python3

import random
import numpy

# this version uses a markov chain to make it more likely to alternate hands
# (in dvorak) so that the password is easy to type (in dvorak)

# Passwords need an unpredictable source: the module-level functions in
# `random` use the Mersenne Twister, SystemRandom draws from the OS CSPRNG.
rng = random.SystemRandom()

Ls = [
    "aoeui",  # L1
    "',.py",  # L2
    ";qjkx",  # L3
    "123456", # L4
    "-snthd", # R1
    "lrcgf",  # R2
    "zvwmb",  # R3
    "7890"    # R4
]

SWITCH_HAND = .8
SWITCH_CHAR = .3
UPPER=.1

def prob( i , j ):
    # probability of moving from class i to class j
    switch_hand = (i // 4) != (j // 4)  # classes 0-3 are left hand, 4-7 right hand
    to_num = (j % 4) == 3               # classes 3 and 7 are the digits
    from_num = (i % 4) == 3

    p = 1

    if to_num and from_num:
        p *= (1 - SWITCH_CHAR)
    elif to_num:
        p *= (SWITCH_CHAR)
    elif from_num:
        p *= (SWITCH_CHAR / 3)
    else:
        p *= ((1 - SWITCH_CHAR) / 3)

    if switch_hand:
        p *= SWITCH_HAND
    else:
        p *= (1 - SWITCH_HAND)

    return p


# transition matrix; every row sums to 1
A = numpy.array([ [ prob(i,j) for j in range(8)  ] for i in range(8) ])

# uniform distribution over the starting class
pi = [ 1.0 / 8 for i in range(8) ]

def sample( l ):
    # draw an index from the discrete distribution l (inverse CDF)
    l_partial = [ sum(l[:i+1],0) for i in range(len(l))]
    u = rng.uniform(0,1)
    for j,v in enumerate(l_partial):
        if v > u:
            return j
    # float rounding can leave the last partial sum just below 1
    return len(l) - 1

if __name__ == "__main__":

    passwd = []

    s = sample(pi)
    for i in range(20):
        s = sample(A[s])
        c = rng.choice(Ls[s])
        u = rng.uniform(0,1)
        if u < UPPER:
            # upper() leaves digits and punctuation unchanged
            c = c.upper()
        passwd.append(c)

    print("".join(passwd))
...


http://hackerpublicradio.org/eps.php?id=3107
