Telepathwords – password guesser

This tries to evaluate password strength by guessing the next character of your password.

Here’s a Bruce Schneier blog posting on it.

I tried it out with a few of my (old) passwords (no longer in use). It was able to guess the next character about 25% of the time, and it was able to guess whole words (I use a variant of passphrases) about 10% of the time. What I want is an offline variant of this that can tell me the true entropy of my passwords. Interestingly, with about half my (old, no longer in use) passwords, it was unable to guess any of the next characters.

I would only use this to test password strength if I had an offline version, AND I had the source code to that offline version.

This points out the weakness in pure passphrases: the entropy is related to the number of words, not the number of characters.
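The point about passphrases can be checked offline. The following is an added example, not Telepathwords code and not from the original post: it compares a per-character estimate with a per-word estimate by finding the cheapest split of a password into dictionary words and leftover characters. The sample wordlist, the 7776-word dictionary size and the lowercase-only alphabet are assumptions.

```python
import math
import string

# Constructed sample wordlist (assumption). A real offline check would load
# a large local wordlist instead.
WORDLIST = {"correct", "horse", "battery", "staple", "pass", "word", "dragon"}
ASSUMED_DICT_SIZE = 7776                      # assumption: attacker's dictionary size
CHARSET_SIZE = len(string.ascii_lowercase)    # assumption: lowercase letters only


def naive_bits(password):
    """Per-character estimate: every character treated as uniformly random."""
    return len(password) * math.log2(CHARSET_SIZE)


def token_bits(password, words=WORDLIST, dict_size=ASSUMED_DICT_SIZE):
    """Estimate for an attacker who guesses whole words.

    Dynamic programming over prefixes: best[i] is the fewest bits needed to
    describe password[:i] as a sequence of dictionary words (log2(dict_size)
    bits each) and single random characters (log2(CHARSET_SIZE) bits each).
    """
    word_cost = math.log2(dict_size)
    char_cost = math.log2(CHARSET_SIZE)
    lowered = password.lower()
    best = [0.0] + [math.inf] * len(lowered)
    for end in range(1, len(lowered) + 1):
        # Option 1: the last character is a standalone random character.
        best[end] = best[end - 1] + char_cost
        # Option 2: some suffix of the prefix is a dictionary word.
        for start in range(end):
            if lowered[start:end] in words:
                best[end] = min(best[end], best[start] + word_cost)
    return best[-1]


def compare(password):
    """Return (naive estimate, word-aware estimate) in bits."""
    return naive_bits(password), token_bits(password)


if __name__ == "__main__":
    for sample in ("correcthorsebatterystaple", "qzxvjkwpfh"):  # constructed inputs
        naive, token = compare(sample)
        print(f"{sample}: per-character {naive:.1f} bits, per-word {token:.1f} bits")
```

For the four-word passphrase the per-word figure is less than half the per-character one, while the random string scores the same under both models.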
