Wordlists: from statistics to genetic

Today, passwords remain one of the cornerstones of security. They are used everywhere: accounts for online services, access to email and servers, domain accounts and more. We all know stories of big companies being compromised because of one employee's simple, predictable password. This talk presents the results of testing different brute-force dictionaries, rules and other methods used to recover user hashes. And what happens if we combine all the dictionaries into one? One big wordlist will, of course, recover hashes as effectively as all the dictionaries together, but it has several drawbacks: size and "recovery" speed. The problem can be solved by combining dictionaries and testing the combinations to find the best one. The first obstacle to this approach is that with 100 dictionaries and combinations of only 5 of them, there are nearly 9 billion possible combinations. With about 200 dictionaries and combinations of a few hundred of them, it becomes impossible to simply iterate over them all. Genetic algorithms, which can be used to generate useful solutions to optimization and search problems, can solve this. The talk introduces some results of creating dictionaries using genetic algorithms: how population and genotype size influence the final results, and the approach's pros and limits.

Presentation language: English
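A minimal sketch of the genetic search the abstract describes, added here as an illustration and not taken from the talk: a genotype is a fixed-size set of dictionary indices, and the fitness (an assumption) ranks a combination by how many entries of a password-audit sample it covers, then by fewer total candidates. All data is constructed; integer word IDs stand in for dictionary entries, and every function name is hypothetical.

```python
import random

def make_corpus(rng, n_lists=40, vocab=2000, n_targets=150):
    """Constructed toy data: integer word IDs stand in for dictionary entries."""
    lists = [set(rng.sample(range(vocab), rng.randint(20, 200))) for _ in range(n_lists)]
    targets = set(rng.sample(range(vocab), n_targets))  # stand-in for an audit sample
    return lists, targets

def fitness(genome, lists, targets):
    """Assumed fitness: more sample entries covered first, then fewer candidates."""
    words = set().union(*(lists[i] for i in genome))
    return (len(words & targets), -len(words))

def crossover(a, b, k, rng):
    """Child takes k distinct dictionary indices from the parents' combined genes."""
    return frozenset(rng.sample(sorted(a | b), k))

def mutate(genome, n_lists, rate, rng):
    """With probability `rate`, swap one selected dictionary for an unselected one."""
    if rng.random() >= rate:
        return genome
    out = rng.choice(sorted(genome))
    new = rng.choice([i for i in range(n_lists) if i not in genome])
    return (genome - {out}) | {new}

def evolve(lists, targets, k=5, pop_size=30, generations=40, rate=0.3, seed=1):
    """Return (best genome, its fitness, best fitness in the initial population)."""
    rng = random.Random(seed)
    n = len(lists)
    score = lambda g: fitness(g, lists, targets)
    pop = [frozenset(rng.sample(range(n), k)) for _ in range(pop_size)]
    start_best = max(map(score, pop))
    for _ in range(generations):
        pop.sort(key=score, reverse=True)
        elite = pop[: pop_size // 3]  # elitism: the best third survives unchanged
        children = [mutate(crossover(*rng.sample(elite, 2), k, rng), n, rate, rng)
                    for _ in range(pop_size - len(elite))]
        pop = elite + children
    best = max(pop, key=score)
    return best, score(best), start_best

if __name__ == "__main__":
    lists, targets = make_corpus(random.Random(7))
    best, (hits, neg_size), start = evolve(lists, targets)
    print(f"dictionaries {sorted(best)}: {hits}/{len(targets)} covered, "
          f"{-neg_size} candidates (initial best covered {start[0]})")
```

Varying `pop_size` and `k` on the same corpus shows the population-size and genotype-size effects the abstract refers to.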