Generating Mistyped Password Guess Lists
Aaron Logue, Dec 2016
This program takes a base password and generates a list of likely
possible typographical error permutations of that password.
Unlike the myriad of other utlities available that are focused
on keyword, domain, and web meta tag matching, this one is
designed with passwords in mind. If you need it, you know why
you need it.
This program takes as input a password that you thought you
typed and generates a list of likely possible single character
errors that could be made when typing that password on a QWERTY
It can also take as input a file of single character mistypes
and apply the same algorithm, producing a comprehensive guess
list of likely possible double character errors that could be
made when typing a particular password.
A password 17 characters in length will produce about 350 likely
single character mistypes, including missing keys, doubled keys,
shifted keys, and adjacent keys substituted or inserted before or
after another key. Feeding that list back into the program will
produce about 125,000 likely double character mistypes.
Thie list can then be fed into crark or crark7z to beat on a rar
or 7z file that you can't get back into or used in a custom tester.
Fat-fingering a password twice doesn't necessarily mean you're
toast, provided that it's on something you can run a guesser
against in a reasonable amount of time.
Here's what it does, using "pw" as an example password:
C:\dev\skein>typogen -p pw
# missed keystroke
# doubled keystroke
# inadvertent shift key
# transposed to adjacent key
# inserted adjacent key before
# inserted adjacent key after
Here is how to use typogen to produce all of the two-error
typogen -p pw > short_list.txt
typogen -f short_list.txt > long_list.txt