About that missing 11.1%

In reference to my last post, I just want to remind everyone, (and myself), that with the phpbb.com list I still haven't cracked around 11% of the passwords. For example, I was expecting around 4-8 percent of the people to use special characters in their passwords, but so far less than one percent of the cracked passwords contain special characters, (and please note I don't count non-english letters as special characters). Now imagine if half of the remaining passwords contain a special character. That would mean 5-6 percent of the total passwords contained a special character which would match what I was expecting. Looking at the passwords I'm cracking right now, there's a very good possibility that might actually come true.

That's where plain-text lists of passwords, (such as the MySpace List, silentwhisper.net list, singles.org list, etc), are so useful since they give you a better idea of how people actually create the HARD passwords, vs getting fixated only on the passwords you can crack.

Comments

Popular posts from this blog

The RockYou 32 Million Password List Top 100

Tool Deep Dive: PRINCE

New Paper on Password Security Metrics