Abbrase – Abbreviated Passphrase Password Generator


Abbrase is an abbreviated passphrase password generator. An ‘abbrase’ is one of the passwords it produces. It generates a password and a phrase like “phyeigdolrejutt” and “physical eight dollars rejected utterly”.

Abbrase - Abbreviated Passphrase Password Generator

Creating secure passwords is easy. Remembering them is hard. Pwgen makes them memorable though pronounceability. XKCD suggests using a series of random common words, but memorising series of unrelated words can be difficult, and typing long phrases can be tedious.

Abbrase is an experiment in generating probable phrases using Markov chains and abbreviating each word to the first few letters. This strikes a balance between excessive password length and excessive mnemonic length. Passwords generated by Abbrase are as secure as a number with the same length. “122079103” and “toldulbal” (tolerably dull ball) are equally hard to attack.


Theory

Language is the most information-dense thing people memorise. Brains don’t operate on bits.

Pi recitation record-holders don’t have thousands of digits in their minds. They map clusters of digits to far more mentally palatable words, memorising a long story instead of a sequence of digits.

Memorising a grammatically sensible sentence fragment is easier than a sequence of randomly chosen words.

Picking a favourite phrase from the ones generated by Abbrase could make them very slightly easier to attack. A sophisticated attacker could check passwords that are likely to be picked before others. If the attacker can perfectly model which passwords you would prefer, this reduces the security of your password in a proportional amount to the number of passwords you selected it from — if you picked from 32 passwords generated by Abbrase, it makes your password 32x easier to attack (5 bits of security lost).

You can download Abbrase via Github here:

Or read more here.

Posted in: Password Cracking Tools, Security Software

,


Latest Posts:


APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.
HELK - Open Source Threat Hunting Platform HELK – Open Source Threat Hunting Platform
The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing etc
trape - OSINT Analysis Tool For People Tracking Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.


2 Responses to Abbrase – Abbreviated Passphrase Password Generator

  1. firuz February 8, 2017 at 12:08 am #

    “122079103” and “toldulbal” (tolerably dull ball) are equally hard to attack.
    Don’t 9 digit only number passwords have much lower entrophy and easier to come accross to in dictionaries???

    • Darknet February 8, 2017 at 9:08 pm #

      In theory yah, but a dictionary attack would rarely do just numbers or just letters, they’d go through all [0-9,a-z, A-Z] all at once usually. So in practical sense there’s no real difference.