[ | Date | | | 2011-01-20 00:20 -0500 | ] |
I have a combination padlock (Wordlock brand) that uses letters rather than the more usual digits. There are five concentric dials, each of which is labeled with ten letters, or nine letter and a blank for the rightmost dial. This is 105 combinations, disregarding non-dictionary words. In factory configuration, the lock spells "laser", "spell", "words", "Brian", "pilot", "flash", as well as the less intelligible "McNky", "deund", "tttr_", and "anote".
Now knowing that a generating regular expression for this padlock is ^[alswbpfmdt][naporilcet][oserilanut][teldaosknr][erlsnthyd]$
— which is simply the previous list of words, transposed — one can easily extract the list of 1172 French words (based on ODS5) and the list of 2309 English words (based on SOWPODS):
We have established that a dictionary attack would need to inspect only about 2.3% of all possible combinations (based on the English word count). Therefore, using words absent from the dictionary is advisable. Wordlock's website gives bad security advice, such as setting the same combination on every lock, which is best ignored.
Quick links: