Advanced keyboard-walk generator with configurable basechars, keymap and routes

License

Kwprocessor is licensed under the MIT license. Refer to doc/license.txt for more information.

Background

A few weeks back I was in need of a keyboard-walk generator but none of the options available satisfied my needs. The main issue starts with the definition of "what is a keyboard-walk". So far it seems everybody has their own definition, which in turn leads to incompatibilities when it comes to password cracking. Human generated passwords follow their creator's logic, whatever it may be. That logic may be compatible or incompatible with your rules of password creation, but even if your rules are correct, that's not how you crack a password. Password cracking isn't won by academic work and its definitions, because the people in charge don't follow academic rules. To be efficient, you have to be the user, with all their faults.

So why is this important for a keyboard-walk generator and why do I point it out here? It's simply because it was the path I took when I decided to write my own keyboard-walk generator and not to use any existing one. I thought it's important to understand the motivation of people using keyboard-walks and why they use them in the first place. The answer I came up with was: It's a trade-off. This trade-off is the important factor I have to focus on if I want my generator to be of any use, otherwise it's just a waste of time.

People usually aren't dumb, especially those who want to protect something. While not being dumb, they are still humans. I wouldn't call all humans lazy, but humans tend to find energy-efficient solutions to their problems, especially if it's part of their daily routine. So the trade-off I'm talking about here is a solution that sits between low and high security. High security, like an appropriate password database or some kind of extra hardware, means additional management overhead. That hinders people's workflow and in turn makes it an instant no-go, or at least an over-time no-go, for most people. Only some people with a high security awareness are willing to go through that. Low security, like just "password" for the password, is equally repulsive since they know it's being cracked instantly, especially when we talk about people who have to protect something.

Another (more technical) aspect could be a password policy. Even if the (password) security community has been telling us for some time that password policies are bad for password security, administrators still enforce password policies. Anyway, what I'm trying to say here is: If there's a password policy, especially a very strict one, the user somehow needs to deal with it. It gets even worse if there's an additional enforced password expiry. Sooner or later their password patterns are no longer usable, which will annoy the user so much that he accepts a lower security just to meet the criteria of the policy.

This trade-off is some weird kind of "Medium" security. From a digital perspective there's no such thing, especially not in the digital world we operate in. We, who work with password cracking on a daily basis, know that. But remember, to win the game of password cracking, we have to think like the user, with all their faults. For them such a thing as "Medium" security exists, because it exists in a traditional, non-digital world.

Sometimes people come to the conclusion that a keyboard-walk is such a "Medium" security solution. A password like "q2w3e4r" comes to the rescue: it looks random for those who do not crack passwords, and random is good, isn't it. With some shift-pressing pattern here and there it can even match some harder password policies.

Anyway, this gives a good start for how to use my keyboard-walk generator (calling it KWP from now on) and how to configure it.

The password "q2w3e4r" is a sawtooth pattern. If you follow it on your keyboard, it looks like this:
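The sawtooth shape of "q2w3e4r" can be checked mechanically, which is useful for flagging keyboard-walks when auditing a password policy. The following is an added example, not part of the original text and not kwprocessor's algorithm; it assumes a US-QWERTY layout, and all function names are hypothetical.

```python
# Added example: assumes US-QWERTY; this is NOT kwprocessor's algorithm.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
SHIFTED = dict(zip("!@#$%^&*()", "1234567890"))  # shift-pressed digit row

# Physical position (row, column) of every mapped key.
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def key_of(ch):
    """Map a typed character to its physical key, ignoring shift."""
    return POS.get(SHIFTED.get(ch, ch.lower()))


def keys_of(password):
    """Key positions for the whole password, or None if any char is off-map."""
    keys = [key_of(ch) for ch in password]
    return None if None in keys else keys


def adjacent(a, b):
    """True if b is a direct neighbour of a on a staggered keyboard.

    Each row is shifted right relative to the row above, so a key touches
    columns c and c+1 in the row above and c-1 and c in the row below.
    Pressing the same key twice does not count as a step.
    """
    dr, dc = b[0] - a[0], b[1] - a[1]
    if dr == 0:
        return abs(dc) == 1
    if dr == -1:
        return dc in (0, 1)
    if dr == 1:
        return dc in (-1, 0)
    return False


def is_keyboard_walk(password, min_len=4):
    """Flag passwords in which every keystroke moves to a neighbouring key."""
    keys = keys_of(password)
    if keys is None or len(keys) < min_len:
        return False
    return all(adjacent(a, b) for a, b in zip(keys, keys[1:]))


def row_profile(password):
    """Row index per keystroke; a sawtooth alternates between two rows."""
    keys = keys_of(password)
    return None if keys is None else [r for r, _ in keys]


if __name__ == "__main__":
    for pw in ["q2w3e4r", "Q2w#e4R", "1qaz", "password"]:  # constructed samples
        print(pw, is_keyboard_walk(pw), row_profile(pw))
```

The row profile of "q2w3e4r" alternates between the letter row and the digit row, and the shift-pressed variant is flagged the same way because shift does not change the physical key.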