Section: New Results

Cracking passphrases based on famous sentences

Participant : Hugo Labrande [contact] .

We proposed a method to attack passwords based on famous sentences, which are rather widespread [18] : we showed a method to construct large dictionaries using only publicly-available sources (e.g. Wikipedia) and modest computing power. The resulting dictionaries were able to crack millions of passphrases, among which a 55-character long one, and some that do not appear to have been cracked before. Our work thus shows that using famous sentences as passwords is not secure at all, as any attacker, even those with low skills and very modest computational resources, can guess them.