A good option would be to skip any sequence of the same character when you know the passphrase is made from natural language. The length of same-char sequence must be optional, to adjust with the supposed language.
For example, if the passphrase is based on the French sentence il m’a créée et m’a nommée using only [a-z] characters, you end up with ilmacreeeetmanommee. You will never find more than 4 e in a row in a French sentence, and that special form of the verb creer is the only French word with a 3-vowel sequence, and it only exists with the e vowel. As another example, there is no same-consonant sequence longer than 2 inside a French word (like the verb battre: you can find two t in a row, never 3, and this form is always inside a word, never at the beginning or end).
So, if we imagine a -n option for that, running bruteforce-luks -l 12 -m 12 -n 3 -s abehjkmr luks-header will try:
If you know the passphrase is made from natural language with space-separated words or is written the CamelCase way, you can safely use -n 2.
Such an option can save a lot of time when bruteforcing man-made passphrases, and implementing this option will make the usage of same-character sequences in a passphrase a safe option. Man-made passphrases tend not to repeat the same characters (imitating randomness), and this bias makes them not truly random. If this option is implemented, the implementation can be used to prove that repeating the same characters in a passphrase can be safer than not repeating them.
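The run-length filter proposed above, together with a count of how many candidates it leaves for the request's own parameters (8-character set, length 12, -n 3), as an added example that is not part of the original request or of bruteforce-luks. The -n option is hypothetical, and the function names max_run_ok and count_allowed are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdio.h>

/* Return 1 if no character repeats more than n times in a row in s,
 * i.e. the candidate would still be tried under the hypothetical -n n. */
int max_run_ok(const char *s, unsigned n)
{
    unsigned run = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        run = (i > 0 && s[i] == s[i - 1]) ? run + 1 : 1;
        if (run > n)
            return 0;
    }
    return 1;
}

/* Count strings of length len over k symbols with no run longer than n.
 * f[i] sums over the length j of the final run: the run's character has
 * k choices when it is the whole string, otherwise k-1 (it must differ
 * from the character before it). Limited to len <= 63; overflow of the
 * 64-bit counter is not checked for large k. */
unsigned long long count_allowed(unsigned k, unsigned len, unsigned n)
{
    unsigned long long f[64] = {0};
    if (len == 0)
        return 1;
    if (len > 63 || n == 0 || k == 0)
        return 0;
    for (unsigned i = 1; i <= len; i++)
        for (unsigned j = 1; j <= n && j <= i; j++)
            f[i] += (i == j) ? k : (unsigned long long)(k - 1) * f[i - j];
    return f[len];
}

int main(void)
{
    const char *cand = "ilmacreeeetmanommee"; /* example string from the request */
    unsigned long long total = 1, kept = count_allowed(8, 12, 3);
    for (int i = 0; i < 12; i++)
        total *= 8; /* 8 symbols in "abehjkmr", length 12 */
    printf("%s: -n 4 %s, -n 3 %s\n", cand,
           max_run_ok(cand, 4) ? "tried" : "skipped",
           max_run_ok(cand, 3) ? "tried" : "skipped");
    printf("tried %llu of %llu candidates, skipped %llu\n",
           kept, total, total - kept);
    return 0;
}
```

The skipped count is the set of passphrases that become unreachable under the filter, which is the quantity the last paragraph of the request is about.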