Is a password easier to brute force if it contains a repeating pattern?
There are three scenarios here:
Attacker has no knowledge of the pattern scheme:
When the attacker has no knowledge of the patterns, the brute-force attempt will have to be exhaustive. The attacker gains no practical efficiency improvement, because there is no way of him knowing the construction of the password.
Attacker has some or full knowledge of the pattern scheme:
If the attacker has knowledge of the patterns, they may improve the efficiency of their bruteforce attack by not attempting passwords that do not match the pattern scheme.
Attacker has no initial knowledge of the pattern scheme, and multiple hashes are available:
If the attacker has no initial knowledge of the pattern, but has a number of different password hashes to crack (all of which use the same scheme for the password) he may crack a small number of them via exhaustive bruteforce, then deduce the pattern. From there, the attack becomes much more efficient.
The knowledge of the password pattern could give you really speed-up in the brute-force method. If you know, that brute-forcing password is a repeating pattern password, you can reduce the cracking time.
If you know, that the password consists of N the same parts, then, all you have to do is find that part. So to speed the cracking process up, you need to add a few lines into your brute-force function. Let's say that the brute-force algorithm checked if your password is abba
. Before you let it go to the another step (checking abbb
), you should "glue" that try and check passwords like abbaabba
, abbaabbaabba
and so on.