passwords! (p5) / ngrams and passphrases

[coderman]

On Fri, Nov 15, 2013 at 6:09 PM, brian carroll
<electromagnetize at gmail.com> wrote:
> ... if a password service used this principle,... 3-4 sets instead,
>    themselves having special rules...
>
>    [set1|set2|set3|set4]
>
>    in this way, a 'rolling password' could be developed ...


this feels similar to various guided / ordered permutations strategies
that use a corpus of ngrams or words for attacking longer sequences,
like passphrases. [with or without decorating permutations like
appended numerical sequences and other common substitutions and
sequences]

the effectiveness of these in practice appears strongly bound to your
operational security.  e.g. past examples of mining a user's interests
to guide successful pass word and pass phrase cracking attempts.

i keep waiting for someone to write it, alas:
 'No results found for "the art of tactical password cracking"'

;)