Not A Mzter


Reduce the risk of your password being cracked with brute force using special characters

 

If you are a Spanish speaker, you know that the Spanish alphabet contains some letters that are not available in other languages, like ñ, Ñ, ü, etc. On social networks you may have seen memes about using ñ to keep out English-speaking hackers, and right now we are going to look into it together.

 

  1. To start, we are going to verify whether social networks allow ñ as a password character.
  • Twitter

  • Facebook  

If you want to test some others, go ahead.

 

  2. Now that we know some websites allow ñ in the password field, we are going to see whether any wordlist of common passwords contains ñ.

¤ First try: wordlists from the Wordlists repo, using the /wordlists/passwords dictionaries. Clone the repo:

git clone https://github.com/kkrypt0nn/wordlists.git --depth=1

Run the following Rust script:

use std::{fs::{self, File}, io::{self, BufRead}};

fn main() {
  // Directory that contains the wordlist files to search
  let paths = fs::read_dir("YOUR_WORDLIST_DIRECTORY").unwrap();
  for path in paths {
    let entry = path.unwrap();
    println!("Searching in file: {:?}", entry.file_name());
    let file: File = File::open(entry.path()).unwrap();
    let reader = io::BufReader::new(file);

    // Read the file line by line as raw bytes: wordlists may contain bytes
    // that are not valid UTF-8, and reader.lines() returns an error on them
    for line in reader.split(b'\n') {
      let bytes = line.unwrap();
      let text = String::from_utf8_lossy(&bytes);
      let text = text.trim_end_matches('\r');
      if text.contains('ñ') || text.contains('Ñ') {
        println!("Possible password found: {:?}", text);
      }
    }
  }
}
  3. Running cargo run, we will see that some files don't contain any password with ñ or Ñ, while in others there are a few, like the Spanish alphabet including ñ (abcdefghijklmnñopqrstuvwxyz) or España; the others are in a file of encrypted strings. But in almost all of them there is no password with ñ.
console output
	Searching in file: "darkweb_2017.txt"
	Possible password found: "contraseña"
	Searching in file: "default_passwords_for_services.txt"
	Searching in file: "dutch_passwords.txt"
	Possible password found: "España"
	Possible password found: "abcdefghijklmnñopqrstuvwxyz"
  4. Now we have to bring out the heavy artillery: the rockyou.txt 2021 list, with 100Gb of passwords collected over the years (downloading)

¤ Double-check the size of the file

check file size
	(Get-Item -Path rockyou2021.txt).Length/1GB
	Ps: 91.6218505306169

¤ You can run the previous Rust program, changing the directory to a new one with rockyou2021.txt inside, but it will take a long time to complete. I'm going to use Klogg to load the file and search for ñ to see how many results we find.

 

Klogg showing not a single password with ñ in the bigger public password collection

 

  5. After this little explanation, we know that using special characters makes our password more difficult to find by brute force, as they do not appear in the most famous dictionaries.
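A text search for ñ only matches the byte encoding the search tool uses, and wordlists collected from many sources can mix encodings. The following is an added example, not part of the original post, that goes beyond the UTF-8 search above: it counts lines holding ñ/Ñ as precomposed UTF-8, as n plus a combining tilde, or as a Latin-1 byte. The names `Hit`, `find_enye` and `scan` are hypothetical, and the sample input is constructed.

```rust
use std::io::{self, BufRead};

/// How a matching line encodes ñ/Ñ.
#[derive(Debug, PartialEq, Clone, Copy)]
enum Hit { Utf8, Decomposed, Latin1 }

/// Classify one wordlist line (raw bytes, no trailing newline).
fn find_enye(line: &[u8]) -> Option<Hit> {
    match std::str::from_utf8(line) {
        Ok(text) => {
            if text.contains('ñ') || text.contains('Ñ') {
                Some(Hit::Utf8) // precomposed U+00F1 / U+00D1
            } else if text.contains("n\u{303}") || text.contains("N\u{303}") {
                Some(Hit::Decomposed) // n/N followed by combining tilde U+0303
            } else {
                None
            }
        }
        // Not valid UTF-8: in Latin-1 / Windows-1252, ñ is 0xF1 and Ñ is 0xD1.
        // Heuristic only: other legacy encodings use these bytes differently.
        Err(_) if line.iter().any(|&b| b == 0xF1 || b == 0xD1) => Some(Hit::Latin1),
        Err(_) => None,
    }
}

/// Scan a wordlist and return hit counts as [utf8, decomposed, latin1].
fn scan<R: BufRead>(reader: R) -> io::Result<[usize; 3]> {
    let mut counts = [0usize; 3];
    // split() yields raw bytes, so invalid UTF-8 never aborts the scan
    for line in reader.split(b'\n') {
        if let Some(hit) = find_enye(&line?) {
            counts[hit as usize] += 1;
        }
    }
    Ok(counts)
}

fn main() -> io::Result<()> {
    // Constructed sample: one entry per encoding, plus plain ASCII entries.
    let sample: &[u8] = b"password\ncontrase\xc3\xb1a\nEspan\xcc\x83a\nni\xf1o2024\nqwerty\n";
    let [utf8, decomposed, latin1] = scan(sample)?;
    println!("UTF-8: {utf8}, decomposed: {decomposed}, Latin-1: {latin1}");
    Ok(())
}
```

To run it over a real file, pass `io::BufReader::new(File::open(path)?)` to `scan` instead of the constructed sample.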