The Association of Digital Forensics, Security and Law (ADFSL)
Most information systems are secured at minimum by some form of password protection. For various reasons a password may be unavailable, requiring some form of password recovery procedure. One such procedure is software-based automated password recovery, where a program attempts to log into a system by repeatedly trying different password combinations. At the core of such software is a password generator. This article describes the basic iterative and recursive algorithms for generating all possible passwords of a given length, which is commonly referred to as brute-force password generation. The paper ends with a discussion of alternative password recovery procedures one should attempt before brute-force password recovery.
Brown, A. S., Bracken, E., Zoccoli, S., & Douglas, K. (2004, September). Generating and Remembering Passwords. Applied Cognitive Psychology, 18(6), 641-651.
Florencio, D., & Herley, C. (2007). A Large-Scale Study of Web Password Habits. In: Proceedings of the 16th International World Wide Web Conference (pp. 657-665). Banff, Alberta: University of Calgary.
Morris, R., & Thompson, K. (1979, November). Password Security: A Case History. Communications of the ACM, 22(11), 594-597.
Flor, Nick V. and Shannon, Haile
"Technology Corner: Brute Force Password Generation -- Basic Iterative and Recursive Algorithms,"
Journal of Digital Forensics, Security and Law: Vol. 6
, Article 7.
Available at: http://commons.erau.edu/jdfsl/vol6/iss3/7