Thursday, April 30, 2009

About that missing 11.1%

In reference to my last post, I just want to remind everyone, (and myself), that with the phpbb.com list I still haven't cracked around 11% of the passwords. For example, I was expecting around 4-8 percent of the people to use special characters in their passwords, but so far less than one percent of the cracked passwords contain special characters, (and please note I don't count non-english letters as special characters). Now imagine if half of the remaining passwords contain a special character. That would mean 5-6 percent of the total passwords contained a special character which would match what I was expecting. Looking at the passwords I'm cracking right now, there's a very good possibility that might actually come true.

That's where plain-text lists of passwords, (such as the MySpace List, silentwhisper.net list, singles.org list, etc), are so useful since they give you a better idea of how people actually create the HARD passwords, vs getting fixated only on the passwords you can crack.

No comments: