Shmoocon 2009: Stop Using Mangled Dictionary Words In Your Passwords


Matt Weir, a PhD student at Florida State, presented "Enough with the Insanity: Dictionary Based Rainbow Tables" at Shmoocon 2009. The dictionary-based rainbow table password cracker is called drcrack, and it's based on rcrack.

Description and download for drcrack can be found at http://reusablesec.googlepages.com/drcrack

Anyone using dictionary words or mangled variants of dictionary words should consider moving to a better method of constructing passwords. I personally use the first letters of multiple phrases (that are significant to me) mixed with numbers and special characters.
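To make the advice above checkable at password-change time, here is an added example (not from the talk, drcrack, or this post) that rejects passwords which reduce to a dictionary word once common mangling is undone. The wordlist, the substitution map and the function names are assumptions chosen for illustration.

```python
import re

# Constructed sample wordlist; a real check would load a large dictionary file.
SAMPLE_WORDS = {"password", "monkey", "dragon", "shadow", "letmein", "football"}

# Character substitutions undone before lookup (an assumed, non-exhaustive set).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Matches digits/symbols prepended or appended to a word, e.g. "monkey123!".
EDGE_JUNK = re.compile(r"^[^a-z]+|[^a-z]+$")


def base_candidates(password):
    """Return the base forms a password reduces to after undoing mangling."""
    lowered = password.lower()
    forms = {lowered, EDGE_JUNK.sub("", lowered)}
    # Undo substitutions on each form, then strip edge characters again,
    # because a trailing "1!" would otherwise be translated into letters.
    for form in list(forms):
        unleet = form.translate(LEET)
        forms.add(unleet)
        forms.add(EDGE_JUNK.sub("", unleet))
    # Reversed words are another common mangling rule.
    forms |= {form[::-1] for form in list(forms)}
    forms.discard("")
    return forms


def is_mangled_dictionary_word(password, words=SAMPLE_WORDS):
    """True if any de-mangled form of the password is in the wordlist."""
    return not base_candidates(password).isdisjoint(words)


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real data set.
    for candidate in ["P@ssw0rd1!", "Monkey123", "n0g4rd", "Tqbf!jotld7"]:
        verdict = "reject" if is_mangled_dictionary_word(candidate) else "accept"
        print(f"{candidate!r}: {verdict}")
```

A check like this only catches the mangling rules it knows about, so it complements a length requirement and a breached-password lookup rather than replacing them.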

I'm guessing the next step is to have a table of common/hot phrases, first letters of phrases and texting lingo to mangle for brute force cracking.

Sadly, I didn't attend Shmoocon 2009 - there's always next year.


© 2008-2011 Red Audit LLC.