This research investigates the cryptographic resilience of Thai-to-English password patterns, a common regional practice where users type Thai words in a Kedmanee keyboard layout while the actual layout is in standard English QWERTY keyboard layout. While often perceived by users as a form of hidden complexity, the security of these patterns remains largely unquantified against modern attack vectors. This study evaluates a curated dataset of 1,000 Thai-to-English passwords alongside established global benchmarks from the RockYou (2009) and LinkedIn (2016) breaches. Utilizing a multi-dimensional framework, the methodology incorporates theoretical entropy modeling (Shannon Entropy) and heuristic scoring (ZXCVBN) alongside active penetration testing using the Hashcat framework. The patterns were benchmarked against five specialized dictionaries, including the original RockYou leak, the RockYou2024 corpus, and custom-built Thai linguistic and onomastic wordlists.

Tuul Triyason