An algorithm developed by Ashwini Rao and colleagues at Carnegie Mellon University in Pittsburgh, Pennsylvania, makes light work of cracking long passwords which make grammatical sense as a whole phrase, even if they are interspersed with numbers and symbols. Rao's algorithm makes guesses by combining words and phrases from password-cracking databases into grammatically correct phrases. While other cracking programs make multiple guesses based on each word in a database, putting in "catscats" and "catsstac" as well as just the word "cats", none of the programs make the jump to combine multiple words or phrases in a way that makes grammatical sense, like "Ihave3cats", for instance.
Ten per cent of the long passwords that Rao and her team tested were cracked exclusively using their grammar-sensitive methods, unyielding in the face of other well-known cracking algorithms such as John the Ripper and Hashcat.
Bad grammar makes better passwords
Posted on Monday, January 21 2013 @ 13:43 CET by Thomas De Maesschalck
NewScientist suggests that using bad grammar is a good way to make your passwords more secure. As computing power increases exponentially, the safety of passwords keeps going down. The article mentions that $3,000 worth of hardware is enough to guess 33 billion passwords per second.
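To see why a grammatical phrase such as "Ihave3cats" is weaker than its length suggests, the added example below (not code from Rao's team or from the article) estimates a passphrase's search space two ways: per character, and per part-of-speech slot as a grammar-aware guesser would see it. The lexicon, the dictionary sizes per tag and the grammatical templates are constructed assumptions; only the 33 billion guesses per second figure comes from the article.

```python
import math
import re

GUESSES_PER_SECOND = 33e9  # rate the article quotes for $3,000 of hardware

# Constructed toy lexicon (word -> part of speech); a real word list is far larger.
LEXICON = {"i": "PRON", "we": "PRON", "have": "VERB", "like": "VERB",
           "cats": "NOUN", "dogs": "NOUN"}
# Assumed number of candidates a guesser would try for each slot type.
TAG_SIZES = {"PRON": 50, "VERB": 5000, "NUM": 1000, "NOUN": 20000}
# Assumed tag sequences that count as "grammatical" in this model.
TEMPLATES = {("PRON", "VERB", "NOUN"), ("PRON", "VERB", "NUM", "NOUN")}
# Character classes and their sizes for the per-character estimate.
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"\d", 10), (r"[^a-zA-Z\d]", 33)]

def segment(password):
    """Split into lexicon words and digit runs; return POS tags or None."""
    s = password.lower()  # case is ignored, so the grammar estimate is a lower bound
    def walk(i):
        if i == len(s):
            return []
        m = re.match(r"\d{1,3}", s[i:])
        options = [(m.group(), "NUM")] if m else []
        options += [(w, t) for w, t in LEXICON.items() if s.startswith(w, i)]
        for token, tag in sorted(options, key=lambda o: -len(o[0])):
            rest = walk(i + len(token))  # backtrack if the tail cannot be split
            if rest is not None:
                return [tag] + rest
        return None
    return walk(0)

def charset_space(password):
    """Search space if every character is drawn independently from the classes used."""
    pool = sum(n for pattern, n in CLASSES if re.search(pattern, password))
    return pool ** len(password)

def estimate(password):
    tags = segment(password)
    grammatical = tags is not None and tuple(tags) in TEMPLATES
    space = math.prod(TAG_SIZES[t] for t in tags) if grammatical else None
    return {"tags": tags, "grammatical": grammatical, "grammar_space": space,
            "grammar_seconds": space / GUESSES_PER_SECOND if space else None,
            "charset_seconds": charset_space(password) / GUESSES_PER_SECOND}

if __name__ == "__main__":
    for candidate in ("Ihave3cats", "cats3haveI"):  # constructed sample inputs
        print(candidate, estimate(candidate))
```

Under these assumptions the grammatical phrase is exhausted in minutes rather than the months the per-character estimate implies, while the same words in an ungrammatical order fall outside the templates altogether.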