ICIW2008: Using Markov Models to Crack Passwords

Reiner van Heerden , CSIR Pretoria, South Africa

• passwords are part of everyday life
• password model
• crack passwords
• measure strength
• suggested rules
• upper & lower case
• numerals
• 8 character minimum
• no dictionary words
• no names
• easy to remember
• People keep using a single password for everything
• Asdf1234
• follows those rukes
• possible patterns
• start w/ cap
• follow w/ keyboard sequences
• end w/ numerals
• tradeoff between security & memory
• avg length 7-8 char
• advice usually ignored
• dictionary words & numbers are popular
• special char use limited
• memory is the key factor of choice
• Markov model
• sequence of events for which... just see the photos
• Results (see photo, actually very interesting)
• Uses
• defensively as a password strength evaluator
• offensively as a tool to enhance password guessing