<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 12/23/21 7:54 AM, Henry Baker wrote:<br>
</div>
<blockquote type="cite"
cite="mid:8329b7e5-b4f0-55da-1f81-09b56118d092@pipeline.com">
<pre class="moz-quote-pre" wrap="">Could someone please explain the current strategies of brute-force password crackers these days?
I presume that huge dictionaries of existing passwords, words, phrases, etc., + brute force alphabetic enumeration in order of probability?
</pre>
</blockquote>
<p><br>
</p>
<p>For key passwords of mine I have two entropy estimates:</p>
<p>1. Entropy for a brute force break.</p>
<p>2. Entropy for someone who knows the format of my password. (I.e,
is my password "diceware" or <a class="moz-txt-link-freetext" href="https://xkcd.com/936/">https://xkcd.com/936/</a> or…?)</p>
<p><br>
</p>
<p>In between 1 and 2 the vast search space things could be sped up
a <i>lot</i> by prioritizing search order to more probable tries
first. And I assume there is extensive work on this, all
classified.</p>
<p><br>
</p>
<p>-kb, the Kent who has spent some time thinking about how he would
prioritize the search, how to feed target-specific information
into the search.<br>
</p>
</body>
</html>