Generating Mistyped Password Guess Lists

Aaron Logue, Dec 2016

This program takes a base password and generates a list of likely possible typographical error permutations of that password. Unlike the myriad of other utlities available that are focused on keyword, domain, and web meta tag matching, this one is designed with passwords in mind. If you need it, you know why you need it.
typogen.exe
typogen.c
This program takes as input a password that you thought you
typed and generates a list of likely possible single character
errors that could be made when typing that password on a QWERTY
keyboard.

It can also take as input a file of single character mistypes
and apply the same algorithm, producing a comprehensive guess
list of likely possible double character errors that could be
made when typing a particular password.

A password 17 characters in length will produce about 350 likely
single character mistypes, including missing keys, doubled keys,
shifted keys, and adjacent keys substituted or inserted before or
after another key.  Feeding that list back into the program will
produce about 125,000 likely double character mistypes.

Thie list can then be fed into crark or crark7z to beat on a rar
or 7z file that you can't get back into or used in a custom tester.
Fat-fingering a password twice doesn't necessarily mean you're
toast, provided that it's on something you can run a guesser
against in a reasonable amount of time.

Here's what it does, using "pw" as an example password:

C:\dev\skein>typogen -p pw
pw
# missed keystroke
w
p
# doubled keystroke
ppw
pww
# inadvertent shift key
Pw
pW
# transposed to adjacent key
0w
-w
ow
[w
lw
;w
'w
p2
p3
pq
pe
pa
ps
pd
# inserted adjacent key before
0pw
-pw
opw
[pw
lpw
;pw
'pw
p2w
p3w
pqw
pew
paw
psw
pdw
# inserted adjacent key after
p0w
p-w
pow
p[w
plw
p;w
p'w
pw2
pw3
pwq
pwe
pwa
pws
pwd

Here is how to use typogen to produce all of the two-error
possibilities:

typogen -p pw > short_list.txt
typogen -f short_list.txt > long_list.txt