Date: December 2015
Publication: 9th International Conference on Passwords (Passwords15 London)
Source 1: https://passwordscon.org/wp-content/uploads/2015/12/Sebastien_Raveau.pdf
Abstract or Summary:
XKCD's "correcthorsebatterystaple" suggestion is often dismissed on the basis that trying word combinations is still too easy for computers, but are we sure that we have all the words? What if the password was a concatenation of "9/11", "767-223ER", ".40 S&W" and "John 3:16"?
At Passwords^12 I presented the technical challenges in creating a Wikipedia Wordlist and notably the unexpected amount of junk; since 2009 I kept improving those algorithms, becoming happier and happier with cleaner and cleaner output, but at Passwords^14 I unfortunately had to cancel my rump session when I discovered that the wordlist was actually cracking fewer and fewer passwords.
Taking a completely different approach I was able to crack passwords like "Lupo 1.2 TDI 3L", "Proverbs 14:12", "Calvin & Hobbes" and "bornontheforthofjuly" (sic) in the LinkedIn hashes for example. There are opposing directions that I can take from here however so if the only true wisdom is knowing that I know nothing, I would like to submit my ideas to the community and brainstorm the future of the wordlist.
PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=a6k10VG0kSM
Do you have additional information to contribute regarding this research paper? If so, please email email@example.com with the details.