May 2, 2014
Password cracking is not a precise science; it involves guessing. A lot of guessing. Words with Foes is a wordlist generator that algorithmically generates educated guesses. That is, it produces a wordlist for use by a password cracker based on common password patterns.
- Functional programming is used throughout Words with Foes to manipulate and augment words.
- Finite and infinite "Streams" are used to make many augmentations to words.
- List comprehensions are used to organize and compile results.
- Words with Foes takes advantage of the fact that Racket has first-class functions to organize and apply manipulations to words.
Words with Foes uses a few external technologies. The Racket GUI Toolkit and Racket file I/O libraries are used for user interaction and file production, respectively. The GUI library provides the application's simple one-window interface. This window lets users either type in a single word as input or find an input file using the system file chooser. It then lets users specify where the application's result file will be written using the system directory chooser. Racket file I/O is used to write a properly formatted wordlist file with the application's results. An external CSVReader library is used to read existing wordlist text files in as Racket lists.
Using an existing wordlist or a single seed word, Words with Foes makes likely changes to existing words. The application does not simply generate permutations; it generates permutations that you might expect a human to make. Common password-making strategies, such as adding ascending integers to the end of a word, pluralizing a word, adding a swearword to a word, and replacing a word's letters with numbers, are reproduced algorithmically. Words with Foes is also easily extensible, allowing people to write and include their own manipulation procedures. Finally, when Words with Foes recognizes that it has been run before, it only applies manipulations that can be useful if done a second time (e.g. capitalize, add swearword, double).
Technology Used Block Diagram
Words with Foes uses procedures I like to call "xegers" (terminology borrowed from https://code.google.com/p/xeger/) to manipulate words. Here is a list of just some of the xegers in the current version of Words with Foes: (N.B. Some of these are only meant for use with English words)
- pluralize - Makes words either plural or possessive
- prependarticles - Puts an article before a word
- prependprepositions - Puts a preposition before a word
- doubler - Doubles a word
- appendprependkeyboardorder1 - Puts the first n letters in the top keyboard row (qwer.. etc.) before and after a word
- appendprependints - Puts the first n integers before and after a word
- appendprependfibs - Puts the first n Fibonacci Numbers before and after a word
- string-titlecase-wrap - Capitalizes the first letter in a word
Words with Foes uses lists extensively to manage output before it is written to disk. This strategy was used to demonstrate list behaviors in Scheme. It also makes producing lists very fast. However, with sufficiently large input it requires a great deal of memory. Words with Foes can generate results that grow exponentially relative to the size of the input. If I were to continue to iterate on this software, I would have the application begin dumping its results to disk when it runs out of available memory.
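The following is an added example, not Words with Foes source code. It shows xegers as first-class functions fed by infinite streams, and uses them as a password-policy check: it reports how the wordlist grows with each run and whether a candidate password is reachable from a seed word. The xeger bodies, the helpers `append-prepend`, `one-pass` and `derivable?`, and the seed and candidate strings are assumptions made for illustration.

```racket
#lang racket
;; Added example, not Words with Foes source. Xeger names follow the list
;; above; each body is an assumption about how that xeger behaves.

;; A xeger is a first-class function: one word in, a list of variants out.
(define (pluralize w) (list (string-append w "s") (string-append w "'s")))
(define (doubler w) (list (string-append w w)))
(define (string-titlecase-wrap w) (list (string-titlecase w)))

;; Infinite streams; only the first n elements are ever forced.
(define (ints-from k) (stream-cons k (ints-from (add1 k))))
(define (fibs-from a b) (stream-cons a (fibs-from b (+ a b))))

;; Build a xeger that puts the first n stream elements before and after a word.
(define ((append-prepend s n) w)
  (append* (for/list ([i (in-range n)] [x (in-stream s)])
             (define t (number->string x))
             (list (string-append t w) (string-append w t)))))

(define xegers
  (list pluralize doubler string-titlecase-wrap
        (append-prepend (ints-from 0) 10)      ; appendprependints, n = 10
        (append-prepend (fibs-from 1 1) 5)))   ; appendprependfibs, n = 5

;; One run: keep the input words and add every variant of every word.
(define (one-pass words)
  (remove-duplicates
   (append words
           (for*/list ([w (in-list words)] [x (in-list xegers)] [v (in-list (x w))])
             v))))

;; Policy check: is the candidate reachable from a seed within `passes` runs?
(define (derivable? candidate seeds passes)
  (let loop ([words seeds] [k passes])
    (cond [(member candidate words) #t]
          [(zero? k) #f]
          [else (loop (one-pass words) (sub1 k))])))

(define seeds '("acme"))  ; constructed seed, e.g. an organisation name

;; Wordlist size after each run, to show how fast the list grows.
(void (for/fold ([words seeds]) ([pass (in-range 1 4)])
        (define next (one-pass words))
        (printf "pass ~a: ~a words\n" pass (length next))
        next))

(for ([pw '("Acme1" "acmeacme" "v9#Lq2!xT")])  ; constructed candidates
  (printf "~a derivable in 2 runs: ~a\n" pw (derivable? pw seeds 2)))
```

A password that `derivable?` accepts within a couple of runs is one that a pattern-based wordlist would contain, which makes it a reasonable candidate for rejection at password-set time.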
A graph showing the dramatic increase in file size after four uses of Words with Foes: