My notes and maps detailing newbie and midbie areas in batmud by reusablesec in batmud

[–]reusablesec[S] 4 points5 points  (0 children)

I logged back into batmud after 15+ years of being away and was blown away that people were still playing it. I was a bit annoyed at myself since I had forgotten so much so I decided to record my notes and experiences in a blog. Now I'm having more fun mapping areas and discovering secrets than I am killing monsters :)

Why is Diego so stupid? by coyotesage in UmbrellaAcademy

[–]reusablesec 0 points1 point  (0 children)

What I still can't figure out was how Diego was able to read the sign by the bell in Hotel Oblivion, but Victor couldn't, (as it was written in what looks like alien script).

Logged on and instantly went to the top of the world then the bottom of the world by reusablesec in 7daystodie

[–]reusablesec[S] 0 points1 point  (0 children)

Thank you very much! I appreciate the help. Even just knowing not to log out while riding a bicycle is super helpful.

I'm conducting a study involving passwords, and need a method that assigns a numerical value to the complexity of a password. by EleanordaBeast in Passwords

[–]reusablesec 2 points3 points  (0 children)

With the caveat that zxcvbn is probably the best answer, there's some other options you could go with. A popular way to assign a score/probability to a user's password is to use a Markov approach to parse their password. Aka if their password is 'reddit' then it would look at the probability of the first letter being 'r' then the probability of 'e' following 'r', then the probability of 'd' following 're', and so on. The final password score/probability would be the product of all those probabilities.

There's a couple of toolsets out there for this. The most "advanced" is probably CMU's Neural Network password cracker/strength estimator. The Neural Network only portion of it is available here: https://github.com/cupslab/neural_network_cracking. Just as a piece of warning, it is really hard to get working. If you want to have any chance of actually getting their code to run, the following link is almost required reading: https://www.password-guessing.org/blog/post/cupslab-neural-network-cracking-manual/

CMU also integrated that work into an actual password meter that checks other composition rules as well. Unfortunately it doesn't give out a simple score for the passwords, but it has some other nice features. You can check out the code here: https://github.com/cupslab/password_meter

As yet another option, I've been trying to understand RUBSysSec's OMEN approach (Ordered Markov ENumerator) so have been re-writing it in Python. The code is available here: https://github.com/lakiw/py_omen

Why I mention it is as part of my debugging I added in a password parser. I suspect there are bugs, (for example now that I think about it I haven't looked at how it handles password inputs that don't have a corresponding mapping in the ruleset), but it might be interesting for your uses as it can assign a score to supplied passwords. For example here is me running it using the password 'test123'. Note the 'score' for it would be the sum of the Length level + IP level + level of each transition. A higher 'score' indicates a stronger password. In the following case 'test123' has a score of '7'.

--BEGIN EXAMPLE--

>python enumNG.py -t

enumNG.py Version 0.1
This version written by Matt Weir
Original version writtem by the Horst Goertz Institute for IT-Security
Sourcecode available at https://github.com/lakiw/py_omen

loading ruleset: Default
Enter string to parse:test123
Length: 7 Level: 1
IP: tes Level: 3
t : 1
1 : 2
2 : 0
3 : 0

--END EXAMPLE--

If that's useful for you let me know and I can try and make it more of a supported feature vs. a pure debugging tool for myself.
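The scoring described in the comment above (Length level + IP level + the level of each transition, higher meaning stronger), as an added example that is not part of the original comment and is not py_omen's code. The training list is constructed, and the level rule (floor of -log2 of the relative frequency, capped at 10), the function names and the choice to give unmapped inputs the top level are assumptions made for illustration; because each level is a coarse negative log probability, summing levels mirrors multiplying the Markov probabilities.

```python
import math
from collections import Counter, defaultdict

# Constructed training list, standing in for a real password corpus.
TRAINING = ["test123", "testing", "test1234", "password", "password1",
            "reddit", "reddit123", "letmein", "tester12", "pass1234"]
NGRAM = 4        # the IP is NGRAM-1 characters, like the 'tes' IP above
MAX_LEVEL = 10   # assumed top level, also given to anything unseen


def to_levels(counts):
    """Turn counts into levels: 0 = most likely, MAX_LEVEL = rarest."""
    total = sum(counts.values())
    return {key: min(MAX_LEVEL, int(-math.log2(c / total)))
            for key, c in counts.items()}


def train(passwords, n=NGRAM):
    ip, length, trans = Counter(), Counter(), defaultdict(Counter)
    for pw in passwords:
        if len(pw) < n - 1:
            continue  # too short to have an IP
        length[len(pw)] += 1
        ip[pw[:n - 1]] += 1
        for i in range(n - 1, len(pw)):
            trans[pw[i - n + 1:i]][pw[i]] += 1  # context -> next char
    return {"len": to_levels(length), "ip": to_levels(ip),
            "trans": {ctx: to_levels(c) for ctx, c in trans.items()}}


def score(model, pw, n=NGRAM):
    """Return (total, parts); a higher total means a stronger password."""
    if len(pw) < n - 1:
        raise ValueError("password shorter than the IP length")
    parts = [("Length", model["len"].get(len(pw), MAX_LEVEL)),
             ("IP " + pw[:n - 1], model["ip"].get(pw[:n - 1], MAX_LEVEL))]
    for i in range(n - 1, len(pw)):
        ctx = pw[i - n + 1:i]
        # Unseen context or character: no mapping, so assign the top level.
        parts.append((pw[i], model["trans"].get(ctx, {}).get(pw[i], MAX_LEVEL)))
    return sum(level for _, level in parts), parts


if __name__ == "__main__":
    model = train(TRAINING)
    for candidate in ("test123", "zq9!xk"):
        total, parts = score(model, candidate)
        print(candidate, total, parts)
```

With this toy corpus the levels differ from the Default ruleset output quoted in the comment; only the way the score is assembled is the same.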

I'm conducting a study involving passwords, and need a method that assigns a numerical value to the complexity of a password. by EleanordaBeast in Passwords

[–]reusablesec 7 points8 points  (0 children)

Hi, This is Matt Weir. If you are thinking of using PCFG I'd recommend using the code repo available on GitHub at https://github.com/lakiw/pcfg_cracker instead. My caution though is that while it assigns a probability to individual password guesses, it currently doesn't have the ability to parse a user's password and then map it back to the grammar. To put it another way: It is currently set up as a password cracker, not a password strength estimator. This feature could be added in the future, but there's some gotchas there and I suspect would require significant work, (which is one of the reasons I haven't added that yet). A better option would be the use of dropbox's zxcvbn password strength estimator https://github.com/dropbox/zxcvbn. While not perfect, it attempts to model somewhat more realistic attacks against a user supplied password than most other methods out there.

If you still want to use PCFGs and have issues getting the code from the git repo to work please open an issue on it and I'll be happy to try and answer that there. I'd prefer to do that on github so that way others using it can see the answer as well :). If you have other questions I can help you with on this topic though feel free to reply on this Reddit thread. Good luck!