Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)


Most information systems are secured at minimum by some form of password protection. For various reasons a password may be unavailable, requiring some form of password recovery procedure. One such procedure is software-based automated password recovery, where a program attempts to log into a system by repeatedly trying different password combinations. At the core of such software is a password generator. This article describes the basic iterative and recursive algorithms for generating all possible passwords of a given length, which is commonly referred to as brute-force password generation. The paper ends with a discussion of alternative password recovery procedures one should attempt before brute-force password recovery.




