in reply to Improve password solver

In Re^2: Improve password solver, tprocter says "I see your goal in taking a random approach at the guesses...", and this seems to be generally accepted as a valid approach although perhaps rather expensive in terms of memory and execution time.

I don't see the point of this. Why would generating guesses at random be preferable to sequentially iterating through every possible combination, e.g., for the character set given in the OP, from 'aaa' to '   ' (three spaces) for a three letter password? The only advantage I can imagine is that it might fool a login monitoring program that was set up to detect a series of sequential passwords.

Replies are listed 'Best First'.
Re^2: Improve password solver
by tprocter (Sexton) on Jul 03, 2009 at 14:54 UTC

    I was about to launch into a defense of the concept here, but I basically proved myself wrong. The primary effect of randomizing the test sequence would be to encourage people to use stronger passwords, which is good, but not usually a goal of an attacker. However, a cracker could be at a disadvantage if it consistently starts with 'a' and the majority of solved passwords start with 'Z'. A middle ground might be to randomly select where you start from in a character sequence, and sequentially test all variations for that length in a circular style of sequence.

[reply]

In Section Seekers of Perl Wisdom