I'm struggling with the best way to graph some new data I just analyzed based on the RockYou list. Since I'm also too lazy to write up a full post on it right now, I thought I might as well throw it out as a challenge to the five or so people who read this blog. I'll buy a beer for the first person who can correctly state what the following graph shows.

The beer is redeemable at any conference I happen to meet you at, (For example: Shmoocon). Here are a few hints:

- It is based on a subset of one million passwords from the RockYou set
- It has to deal with a project I am working on
- There is one word you MUST include in your submission for it to be valid

Answers will only be accepted in the comments. This contest will run until someone gets it right or I actually get around to writing a post on this. Imaginary bonus points are applied if you have any suggestions on a better way to graph the data.

## 11 comments:

A measure of complexity of both crackable passwords using a given technique in a given time and uncrackable passwords.

Close, but I'm looking for a specific word. Regardless, you've earned a drink voucher from me.

Mostly I'm just saying close so I can buy someone else a beer as well ;) There is one word I want to hear though. Hint - There's a reason the graph X axis doesn't show any values before 4.

graph show cracked passwords by using the rockyou-top-100-list as wordlist with usual variation

... and length of password on x-axis.

Good guess jolZer, but the X-axis is not password length, (otherwise the average password would be around 15 characters long).

Password entropy on x-axis?

Yup, entropy is the magic word Max. Specifically, the graph shows the calculated entropy according to NIST's SP800-63, of cracked/uncracked passwords after a 50Million guess untargeted dictionary attack.

So in conclusion, I owe you a beer as well ;)

You should make two graphs: entropy distribution and passwords cracked per entropy.

Entropy distribution, y-axis percent of passwords and x-axis entropy.

Passwords cracked per entropy, y-axis percent of passwords cracked per entropy and x-axis entropy.

So something like this only more accurate since I took the data from your graph and couldn't get accurate info on entropy 4 through 9 and 22+.

http://yfrog.com/5vgraphsp

Wow, great idea + work Sc00bz. I'm really impressed that you could get that from the graph. Thanks, and I'll rearrange my graph to your format when I finally get off my butt and write a post on this.

Post a Comment