Efficient Wordlists - Why you don't need 25GB To Be a Pro
Author(s): Dimitri Fousekis [rurapenthe]

Date: December 2015
Publication: 9th International Conference on Passwords (Passwords15 London)
Source: Currently no known Internet copy of paper.

Abstract or Summary:
A common question asked by many who wish to analyse, "crack" or recover passwords is "what wordlist do I use?" Unfortunately there is much mis-information out there, including for example, that people should be using 25GB or greater Wordlists for the best effect. The result is that cracking passwords becomes a tedious, long-time and relatively fruitless excersize.

The goal of this talk is to practically show how to go from "beginner" to "advanced" password cracking capabilities just by creating, managing and using efficient wordlists. It will also assist with the latest information on non-English wordlists, UTF-character-based wordlists and more. The talk will cover:

1. Efficient vs Inefficient Wordlists - Why less is more.
2. Where to start? Sourcing good Wordlists
3. Processing Wordlists - Boosting your Cracking Efficiency
4. Tools to create, manage and process Wordlists (covers current, and a custom tool by myself and others)
5. Non-English Wordlists: Chinese, Arabic and Greek.
6. Re-use, Process, Re-use, Process, Repeat.
7. A quick word about Brute-force vs Wordlists
8. Conclusion

The talk will be 70% technical and 30% theoretical, showing real-world statistics on what makes Wordlists crack faster and better, how they can be properly targeted for your jobs and what mistakes you should avoid.

PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=IGbceBOVYIk Project page: https://github.com/rurapenthe/rurasort

Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com