08-26-2012, 11:58 AM
I've noticed a trend in multilingual users who are creating passwords based on English words, but with their native IME. For example, one of the passwords in the LinkedIn dump is 'سØاهىء', which is a nonsense word in Arabic that was created by hitting the keys for s, p, h, i, n, x (sphinx) on their keyboard while using the Arabic IME.
I have some Korean friends who attest to creating passwords the same way, by typing Hangul letters for English words. Some attest to doing the opposite, where they will write a word in Korean but while using the English IME, so that the word is just an odd string of letters.
Because of this trend I think it is worthwhile to create tables for this kind of pattern. I have already created such a table for Arabic; however, because the current table attack engine does not have wide character support, this table does not work with the current implementation.
If wide character support were added to the table attack engine, the community could create tables for every possible language supported by e.g. Windows IME and fully exploit this new pattern.
I have some Korean friends who attest to creating passwords the same way, by typing Hangul letters for English words. Some attest to doing the opposite, where they will write a word in Korean but while using the English IME, so that the word is just an odd string of letters.
Because of this trend I think it is worthwhile to create tables for this kind of pattern. I have already created such a table for Arabic; however, because the current table attack engine does not have wide character support, this table does not work with the current implementation.
If wide character support were added to the table attack engine, the community could create tables for every possible language supported by e.g. Windows IME and fully exploit this new pattern.