The Faces of 90.5 WESA
Science & Technology
Tue January 29, 2013
W28C4 Y68R P27S9O73S... (Watch Your Passwords)!
While teachers may have scolded your bad grammar in school, it could make for a stronger password.
Carnegie Mellon University researchers have built a password cracker that takes into account grammar and parts of speech to steal a password.
Ashwini Rao, a software engineering Ph.D. student at CMU who led the research team, said the cracker is different from others out there.
“Those take one dictionary word and make changes to it. They could combine maybe at max two words, but not more than that.”
Rao said her team's password cracker contains an algorithm that could break passwords with 16 or more characters.
She said they tested it against 1,434 passwords and it beat out other state-of-the-art software, cracking 10 percent of the passwords.
Rao said passwords like “Ilovefuzzycats,” while easy to remember, narrow the possible number of words used because they contain grammatical structure.
She said some of the less sophisticated crackers might also be able to hack that password.
“They have a dictionary. The dictionary could just have single words, like maybe ‘cats’ or ‘fuzzy,’ or they could have direct phrases in them,” said Rao. “For example, if the dictionary for password hackers had ‘ilovefuzzycats’ in it; in that case it would work.”
Rao said to also beware of using sentences with pronouns because the number of pronouns is far smaller than the number of verbs.
She said the cracker was part of a master's-level course and was intended only to prove her concept, with no attempt to actually steal anyone's password.