Bad Grammar Make Good Password



Along with birthdays, names of pets and ascending number sequences, add one more thing to the list of password no-nos: good grammar.

An algorithm developed by Ashwini Rao and colleagues at Carnegie Mellon University in Pittsburgh, Pennsylvania, makes light work of cracking long passwords that make grammatical sense as a whole phrase, even if they are interspersed with numbers and symbols.

Rao’s algorithm makes guesses by combining words and phrases from password-cracking databases into grammatically correct phrases. While other cracking programs make multiple guesses based on each word in a database, putting in “catscats” and “catsstac” as well as just the word “cats”, none of the programs make the jump to combine multiple words or phrases in a way that makes grammatical sense, like “Ihave3cats”, for instance.
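To illustrate why a grammatical phrase such as “Ihave3cats” is weaker than its length suggests, the following added example (not from the researchers' paper or tooling) audits a password against a small constructed lexicon and compares the guess space when each word slot is limited to one part of speech with the space when any word may fill it. The lexicon, tag names, `GRAMMATICAL` patterns and function names are assumptions made for illustration.

```python
import re
from collections import Counter
from math import prod

# Constructed toy lexicon (assumption): word -> part-of-speech tag.
LEXICON = {
    "i": "PRON", "we": "PRON", "you": "PRON",
    "have": "VERB", "love": "VERB", "see": "VERB", "want": "VERB",
    "cats": "NOUN", "dogs": "NOUN", "books": "NOUN", "cars": "NOUN", "hats": "NOUN",
}
PER_TAG = Counter(LEXICON.values())  # number of words available per tag
# Hypothetical tag sequences treated as "grammatical" for this sketch.
GRAMMATICAL = {("PRON", "VERB", "NUM", "NOUN"), ("PRON", "VERB", "NOUN")}
PRINTABLE = 95  # printable ASCII characters, used for unrecognised symbols

def segment(password):
    """Split into (text, tag) tokens: digit runs, longest lexicon word, else one char."""
    s, i, tokens = password.lower(), 0, []
    while i < len(s):
        digits = re.match(r"\d+", s[i:])
        if digits:
            tokens.append((digits.group(), "NUM"))
            i += digits.end()
            continue
        for j in range(len(s), i, -1):  # try the longest candidate word first
            if s[i:j] in LEXICON:
                tokens.append((s[i:j], LEXICON[s[i:j]]))
                i = j
                break
        else:  # no lexicon word starts here: treat one character as a symbol
            tokens.append((s[i], "OTHER"))
            i += 1
    return tokens

def audit(password):
    """Compare the guess space with and without knowledge of the phrase's grammar."""
    tokens = segment(password)
    tags = tuple(tag for _, tag in tokens)
    def slot(text, tag, known_grammar):
        if tag in ("NUM", "OTHER"):
            return 10 ** len(text) if tag == "NUM" else PRINTABLE
        return PER_TAG[tag] if known_grammar else len(LEXICON)
    return {
        "tags": tags,
        "grammatical": tags in GRAMMATICAL,
        "grammar_space": prod(slot(x, t, True) for x, t in tokens),
        "any_word_space": prod(slot(x, t, False) for x, t in tokens),
    }
```

With this toy lexicon, `audit("Ihave3cats")` reports 600 candidates under the grammatical pattern against 17,280 when any word may fill each slot.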

Ten per cent of the long passwords that Rao and her team tested were cracked exclusively by their grammar-sensitive methods and did not yield to other well-known cracking programs such as John the Ripper and Hashcat.

As processing power continues to fall in price, choosing passwords that are easily memorised but secure is getting harder and harder. A $US3000 computer running appropriate algorithms can make 33 billion password guesses every second.

In a paper due to be presented at the Conference on Data and Application Security and Privacy in San Antonio, Texas, next month, the researchers suggest that other types of familiar structures like postal addresses, email addresses and URLs may also make for less secure passwords, even if they are long.


New Scientist reports, explores and interprets the results of human endeavour set in the context of society and culture, providing comprehensive coverage of science and technology news.

