Vierzehn: The 14% Attack

Ginger, Shearvolta

 ∗

October 21, 2020

Abstract

For decades cryptographers have struggled to an-swer one of the hardest challenges in passwordrecovery: how can one be hacked with less than15% of a password? In this paper, we provemathematically that the % of password knownis a function of attacker IQ. In addition, we pro-vide the optimal algorithmic approach to hack-ing, such that attacker IQ and % of passwordknown is minimized.

1 Introduction

In the modern age of hacking, password recov-ery is the single most effective mechanism to il-legally access email and banking accounts (i.e.“hacking”). It is commonly known that hackingis made easier the more plaintext characters of a password that are known. However, a lesserknown indicator of hacking ease is the IQ of theattacker. Initial research [1] has demonstratedthat an extremely high IQ of at least 197 (ona coefficient-based IQ scale) may lead to higherlikelihood of successful hacking if and only if atleast 15% of the password is known.To determine why this is, we must reviewthe most common mechanisms of password re-covery. First, let’s discuss simply guessing. If the guess works, the password is recovered; if itfails, a failure notice is usually displayed. Figure1 shows the ineffectiveness of a guessing tech-nique as password complexity increases.In modern times, hackers tend to prefer the

∗

This work was supported by Memetics Inc.

method of password recovery called “hash crack-ing,” commonly accomplished via hashcat [3].Hashcat uses advanced hashing algorithms to cracka password with “the sharpness of a cat’s claws”(hence: hashcat). The maintainers of hashcatboast IQs as high as 215, and Figure 2 demon-strates the effectiveness of their program’s crack-ing prowess.Figure 1: Guess Difficulty ScaleWhat we learn from these techniques is thatamount of known plaintext and IQ are actuallyvariables within a complex calculus that, shouldwe be able to integrate it effectively, could leadus to the minimized combination of the two vari-ables to maximize ease of hacking.In the next section, we will discuss the his-tory of IQ-plaintext research.

 

Figure 2: Hashcat Cracking Distribution

2 Background

The dawn of computer passwords began in 1961with Fernando J. Corbato [8]. Fernando, in anattempt to secure access to his ”Compatible TimeSharing System” created the first known pass-word system for computers. As keyboards weresimplistic, leading to low complexity passwords,the vulnerability of these passwords were pre-sumed to be high due to the high IQ of the aver-age researcher accessing this system. Addition-ally, it is known that janitors discovered wholeor partial passwords written on notepads lyingaround the lab, which significantly increased theknown plaintext percent during attacks.In 2012, researchers [7] discovered the trueeffect of password complexity on the recovery orcracking process — and the effect of meters onuser behavior in creating those passwords. It isunknown whether Blase Ur et al considered IQon the cracking process.In what would become the first experimentto demonstrate the effect of IQ on hacking, re-searchers in 2016 [2] made vain, short-sighted at-tempts to hack with as little as 12% of a pass-word. It was discovered by the FBI [6] that theresearchers were working with low IQ individu-als, presumably due to the temporal proximityof the Republican primary debates that year.

3 Overview

In this section we discuss the IQ coefficient nor-malization function, the difficulty of passwordcracking based on known plaintext, the IQ-Plaintextregression algorithm (e.g. the Dingus SwarmOptimizer), and finally the minimization func-tion used to determine the most efficient distri-bution of the features within the IQ-Plaintextparadigm.

3.1 The IQ Coefficient Normalization

Traditionally, IQ has existed upon a scale (figure3) from 55 to 145 (with some additional pointson the tail ends of the curve). During the courseof this research, we determined that this scalewas not a high enough granularity to sufficientexpress the true distribution among human sub- jects.Figure 3: IQ is normally distributed across pop-ulation. Hacking happens exclusively in thefourth standard deviation above the mean.Given the larger scale of password length andcomplexity, we needed to find a sufficient coeffi-cient with which we could scale the IQ distribu-tion, and then normalize this scaling across thepopulation. With this, we could begin workingtoward a derivative function that would identifythe most efficient combination of IQ and knownplaintext.The function we utilized to scale the graphwas the following.After scaling, our IQ Coefficient graph (figure4) demonstrated the average IQ still distributed

 

Algorithm 1:

 IQ Scaling

Result:

 IQ Coefficient Scalerange ¡- 55 ... 145;l = range.lower(); u = range.upper();

while

 While range within 15 ... 210 

 doif 

 l over 15 

 then

range.lower() = l / 2 * 5 + 6 ;

endif 

 u under 210 

 then

range.upper() = u * 5 / 2 + 5 ;

endend

in the 90-120 range, while the tail ends of thebell curve became more expressive.Figure 4: IQ Coefficient Scale

3.2 The Known Plaintext Variable

The known plaintext variable is simply the amountof a given password that is known. The approx-imate difficulty to guess a password is a func-tion of how many characters in that passwordare known.In an alpha-numeric password, each charac-ter represents 36 possibilities. Each additionalcharacter in a password therefore increases thedifficulty to guess or crack that password by anadditional power of 36. Likewise for each charac-ter of the password that is know, the complexityof guessing that password is reduced by a powerof 36.In a landmark study, the researchers at XKCDLabs proved mathematically that addition of char-acters is a far more effective method of passwordgeneration than increasing the number of char-acters possible to include special characters [9].

3.3 The Dingus Swarm Optimizer

Biologically-inspired approaches have been ap-plied historically to optimization problems withgenerally positive results. We propose a parti-cle swarm optimizer using observable socializa-tion patterns of the Dingus. Several public datasources provide us with ample Dingus interac-tions to inform our algorithm, including slam-ming alcoholic beverages, denying historical atroc-ities, “mansplaining,” and venturing into globalpandemics without a basic face diaper on. Theresulting optimizer is known as the Dingus SwarmOptimizer (DSO). The results are seen in figure5.Figure 5: Dingus Swarm Optimizer

3.4 IQ-Plaintext Minimization

When graphing the integral discovered by theDingus Swarm Optimizer, it was discovered thatthe behavior was close to that of terrestrial gas-tropod locomotion algorithms common in AI re-