Hackable Book References and the Madwomen in Our Attics


It removed my veil from its gaunt head, rent it in two parts, and, flinging both on the floor, trampled on them. — From the second edition of Jane Eyre

By Diane Mehta

We have passwords because we have secrets. It stands to reason that the longer the password, the deeper the secret. (“Secrets always generate shame. Unfortunately, shame is often really, really hot,” says Helena Fitzgerald.) As we scramble to mask our identities, whether we’re stalking others, surfing for porn, or scoring drugs and Googling the predicaments we find ourselves in, we wonder: Can we keep a secret?

Last month, a cryptic-sounding password cracker called oclHashcat-plus released a new version that cracks your code at the warp speed of 8 million guesses per second and can handle passcodes up to 55 characters. Fifty-five characters would be a cinch for Joseph Brodsky, who deftly memorized hundreds of poems, and for the experimental theater company The Wooster Group’s Scott Shepherd, whose eight-hour monologue for the Public Theater’s Gatz required that he memorize all 49,000 words in “The Great Gatsby.” The rest of us are not so skilled.

All my passwords are literary references followed by random numbers. I use 19th-century Russian authors whose long, multisyllabic names, with consonants smushed together in ways that occasionally prove impossible to pronounce, would flummox the best of them. It now appears that oclHashcat-plus can crack H.P. Lovecraft’s phrase from The Call of Cthulhu, “Ph’nglui mglw’nafh Cthulhu R’lyeh wgah’nagl fhtagn1” in minutes.

I emailed Jens “Atom” Steube, the author of oclHashcat-plus. The program culls passphrases from Wikimedia (which lets you download all of Wikipedia in every language) and from Project Gutenberg’s ebooks. When they crack hashes (“a cryptographic function that turns any arbitrary data into a number”), he says, “We store it for later statistical analysis in a big database.”

So much literature is public domain. And when it’s not, we blog and write about it in tweets, reviews, and essays that span out across our digital universe.

And that of oclHashcat-plus. Their database started with dictionaries. That wasn’t enough. So they wrote a new program that combines two dictionaries into one so every word from one dictionary is appended to every word from the second, plus a space. Which gives them a whole bunch of nonsensical words and phrases, along with valid ones. Then they ran those against “hashes” they couldn’t crack, and found that the stuff that made sense got cracked. They took those phrases, dumped them back into the database, and repeated the process. That generates exponentially more and more nonsensical passphrases, so the process just digs and digs until it takes...
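
The combine-and-feed-back loop described above can be turned around into a check on your own passphrase: how many rounds before it shows up as a candidate? This is an added example, not code from the article or from oclHashcat-plus; the sample dictionary is constructed, the function names are hypothetical, and it assumes the worst case that every intermediate phrase has already been cracked and fed back. It ignores punctuation and appended digits.

```python
GUESSES_PER_SECOND = 8_000_000  # rate quoted in the article

# Constructed sample dictionary: single words plus whole phrases, standing in
# for word lists and for text culled from public-domain books.
SAMPLE_DICTIONARY = {
    "reader", "i", "married", "him", "madwoman", "attic",
    "the", "in the", "call me ishmael",
}


def min_pieces(passphrase, dictionary):
    """Fewest dictionary entries that, joined by single spaces, spell the
    passphrase. Returns None when no such split exists."""
    words = passphrase.lower().split(" ")
    best = [0] + [None] * len(words)  # best[i]: fewest pieces for words[:i]
    for end in range(1, len(words) + 1):
        for start in range(end):
            if best[start] is None:
                continue
            if " ".join(words[start:end]) in dictionary:
                pieces = best[start] + 1
                if best[end] is None or pieces < best[end]:
                    best[end] = pieces
    return best[-1]


def rounds_to_reach(passphrase, dictionary):
    """Combine rounds before the passphrase appears as a candidate.
    Assumption (worst case): every intermediate phrase was cracked and fed
    back, so each round can double the number of pieces. 0 means the
    passphrase is already a dictionary entry; None means it is out of reach."""
    pieces = min_pieces(passphrase, dictionary)
    if pieces is None:
        return None
    return (pieces - 1).bit_length()  # integer ceil(log2(pieces))


def seconds_per_round(dictionary_size):
    """Seconds to try every ordered pair of entries at the quoted rate."""
    return dictionary_size ** 2 / GUESSES_PER_SECOND


if __name__ == "__main__":
    for phrase in ("call me ishmael", "Reader I married him",
                   "the madwoman in the attic", "xyzzy plugh"):
        print(phrase, "->", rounds_to_reach(phrase, SAMPLE_DICTIONARY))
    print(seconds_per_round(1_000_000), "seconds per round, 1M entries")
```

A result of None only means the phrase cannot be built from this particular dictionary; a larger one, fed by more books, may still contain it.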
