Thursday, January 7, 2010

Using culture and patterns to stop cybercrime



While perusing one of my Florida State University magazines, I found an interesting article on how FSU is one of the leading universities in researching cybercrime prevention and investigating tools.

As part of the write-up on the FSU cybercrime program, there was a side story (sorry, I forgot the official name of these mini-articles) on a super password finder hacker program the university has created. According to the article, the FSU password cracker is nearly twice as good at deciphering passwords as popular open-source programs.

What makes the FSU password cracker different and more effective is that it uses culture, patterns, and probabilities to calculate solutions. According to the article:

Basically, what sets Aggarwal's program apart from all other password crackers is that its algorithms are based on what people actually do when they create a password, rather than what they could do - namely, create a password that is genuinely unique and thereby almost impossible to break.

Aggarwal's team was able to determine the grammatical patterns and a variety of other user habits (e.g. adding a "1," a "2" or a "3" at the end of a four-letter name) that they gleaned from analyzing over 100,000 old passwords amassed from a number of sources. One of the biggest batches they got their hands on was a list of 67,000 passwords that hackers stole from MySpace.com, for example.

I think this is fascinating - using our everyday culture in the algorithms used to predict the codes of criminals. To be honest, I don't think I have ever created a password that didn't follow some sort of grammatical convention.

Hopefully, this technology doesn't fall into the wrong hands; I'd be screwed.
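
The habit the quoted article describes (a four-letter name followed by a single digit) can be checked for when a password is created. The Python below is an added example, not code from the FSU program or the article: it reduces each password to its character-class structure, so "mike1" becomes L4D1, and flags a candidate whose structure is common in a sample list. The function names, the threshold and the sample list are assumptions made for illustration.

```python
from collections import Counter
from itertools import groupby


def char_class(ch):
    """Map a character to L (letter), D (digit) or S (anything else)."""
    if ch.isalpha():
        return "L"
    if ch.isdigit():
        return "D"
    return "S"


def structure(password):
    """Collapse a password into run-length classes, e.g. 'mike1' -> 'L4D1'."""
    return "".join(
        f"{cls}{len(list(run))}" for cls, run in groupby(password, key=char_class)
    )


def structure_frequencies(passwords):
    """Share of the sample that falls into each structure."""
    counts = Counter(structure(p) for p in passwords)
    total = sum(counts.values())
    return {s: n / total for s, n in counts.items()}


def is_predictable(candidate, freqs, threshold=0.2):
    """True when the candidate's structure covers at least `threshold` of the sample."""
    return freqs.get(structure(candidate), 0.0) >= threshold


# Constructed sample standing in for a corpus of old passwords (not real data).
SAMPLE = [
    "mike1", "anna2", "john3", "dave1", "lucy7",
    "password", "sunshine", "letmein", "qwerty12", "x9$Tq!v2Lr",
]

if __name__ == "__main__":
    freqs = structure_frequencies(SAMPLE)
    for pw in ("rosa3", "T7#kw&0pZq"):
        verdict = "common structure" if is_predictable(pw, freqs) else "uncommon structure"
        print(pw, structure(pw), verdict)
```

A password that has never appeared in any list is still flagged when it shares the structure of many that have.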