Was macht man mit zig Millionen Username/Passwort – Kombinationen?

—

von

Nun zum einen könnte man damit Unfug treiben – denn dabei handelt es sich wohl um die Mutter aller wordlists für Bruteforcer! 🙂

Doch wesentlich klüger nutzt man diese, um die Awareness in Bezug auf Passwortsicherheit zu steigern.

Und so kommt es, dass ich hier ein kleines Tool (Beta!) online stelle, mit dessen Hilfe jedermann blitzschnell abfragen kann, ob

sein Passwort bereits geleakt wurde und auf Passwortlisten kursiert und ob
sein Passwort grundsätzlich sicher gewählt wurde

Bei letzterem wurde die Entropie der Passworte als Kriterium für die Komplexität berechnet… daraus sollte man lernen, dass die Passwortlänge entscheidend ist – und nicht unmerkbare Konstruktionen a la „P@sSw0rT!“!

https://passwd.valki.com

Des Weiteren geben die statistischen Merkmale dieser Sammlung einige interessante Informationen preis….

Favoriten

„You could use the Winrar Password Breaker for faster results :O)“
„Klaatu Barada Nikto“
„1q2w3e4r5t6z7u8i9o0p“
„********************************“ (ernsthaft!!)
„kensentme“ (Larry Laffer lässt grüßen!)
„deadharryisnotmyboyfriend“
„correct horse battery staple“
„YOUR1ASS“
„password“

Häufigste Buchstaben / Zeichen

Total characters:       223953055
Unique characters:      752
Top 50 characters:      ae10iron2sl3t948m576dcuhbykgpfvjwz$xASqERMCTLPBNID


Character frequency, sorted by count, top 25
+---------------------------------+
| Character |  Count   | Of total |
+---------------------------------+
| a         | 14666941 | 6.5491 % |
| e         | 12665409 | 5.6554 % |
| 1         | 12373460 | 5.525 %  |
| 0         |  9951437 | 4.4435 % |
| i         |  9817399 | 4.3837 % |
| r         |  9140740 | 4.0815 % |
| o         |  9091537 | 4.0596 % |
| n         |  8929823 | 3.9874 % |
| 2         |  8396075 | 3.749 %  |
| s         |  7770744 | 3.4698 % |
| l         |  7586158 | 3.3874 % |
| 3         |  7366878 | 3.2895 % |
| t         |  7000024 | 3.1257 % |
| 9         |  6683678 | 2.9844 % |
| 4         |  6331966 | 2.8274 % |
| 8         |  5645411 | 2.5208 % |
| m         |  5524916 | 2.467 %  |
| 5         |  5382936 | 2.4036 % |
| 7         |  5074954 | 2.2661 % |
| 6         |  5050891 | 2.2553 % |
| d         |  4897970 | 2.1871 % |
| c         |  4852847 | 2.1669 % |
| u         |  4316505 | 1.9274 % |
| h         |  4259346 | 1.9019 % |
| b         |  3903305 | 1.7429 % |
+---------------------------------+


Symbol frequency, sorted by count, top 25
+-----------------+
| Symbol | Count  |
+-----------------+
|        | 363665 |
| -      | 357733 |
| .      | 320065 |
| _      | 235546 |
| !      | 154340 |
| *      | 135071 |
| @      | 120842 |
| /      |  64597 |
| '      |  54459 |
| #      |  54165 |
| ,      |  30977 |
| &      |  30735 |
| \      |  28857 |
| ?      |  24043 |
| )      |  19907 |
| (      |  18073 |
| "      |  14260 |
| ;      |  14023 |
| ]      |  13549 |
| %      |  12981 |
| :      |  11878 |
| [      |  10630 |
| {      |   1507 |
| }      |   1385 |
| Â¡      |     89 |
+-----------------+

Passwortlänge

Password length (length ordered)
1 = 309 (0.0%)
2 = 1847 (0.01%)
3 = 32002 (0.12%)
4 = 444769 (1.64%)
5 = 877282 (3.24%)
6 = 4703185 (17.36%)
7 = 4492519 (16.58%)
8 = 6382770 (23.55%)
9 = 4395170 (16.22%)
10 = 2487022 (9.18%)
11 = 1135014 (4.19%)
12 = 752061 (2.78%)
13 = 502806 (1.86%)
14 = 327899 (1.21%)
15 = 217366 (0.8%)
16 = 160274 (0.59%)
17 = 53600 (0.2%)
18 = 36712 (0.14%)
19 = 24191 (0.09%)
20 = 20277 (0.07%)
[...]

Zeichenräume und Verteilung/Kombination der einzelnen Passworte

Charset frequency, sorted by count/keyspace, full table
+--------------------------------------------------------------------------+
|           Charset            |  Count   | Of total  |   Count/keyspace   |
+--------------------------------------------------------------------------+
| lower-numeric                | 21847045 | 80.5735 % |  606862.3611111111 |
| numeric                      |  4429416 | 16.336 %  |           442941.6 |
| lower-upper-numeric          | 24809596 | 91.4996 % | 400154.77419354836 |
| lower-numeric-symbolic       | 22786908 | 84.0398 % | 330245.04347826086 |
| lower                        |  7990382 | 29.4691 % |  307322.3846153846 |
| lower-upper-numeric-symbolic | 26171336 | 96.5218 % | 275487.74736842106 |
| lower-upper                  |  8613005 | 31.7654 % | 165634.71153846153 |
| lower-symbolic               |  8427285 | 31.0804 % | 142835.33898305084 |
| upper-numeric                |  5019504 | 18.5123 % | 139430.66666666666 |
| lower-upper-symbolic         |  9155446 | 33.766 %  |  107711.1294117647 |
| numeric-symbolic             |  4479966 | 16.5224 % | 104185.25581395348 |
| upper-numeric-symbolic       |  5123359 | 18.8953 % |  74251.57971014493 |
| upper                        |   217022 | 0.8004 %  |             8347.0 |
| upper-symbolic               |   247286 | 0.912 %   |   4191.28813559322 |
| symbolic                     |     1602 | 0.0059 %  |  48.54545454545455 |
+--------------------------------------------------------------------------+


Charset distribution of characters in beginning and end of words (len>=6)
+-------------------------------------------------------------------------------------------------+
| Charset\Index | 0 (first char) |     1     |     2     |    -3     |    -2     | -1 (last char) |
+-------------------------------------------------------------------------------------------------+
| lower         | 62.5633 %      | 70.4914 % | 70.992 %  | 59.6276 % | 50.6566 % | 45.8854 %      |
| upper         | 12.892 %       | 2.9502 %  | 2.8901 %  | 2.4329 %  | 2.1473 %  | 2.1154 %       |
| digits        | 24.1933 %      | 26.2127 % | 25.7626 % | 36.9056 % | 46.3053 % | 50.6385 %      |
| symbols       | 0.3513 %       | 0.3456 %  | 0.3553 %  | 1.034 %   | 0.8909 %  | 1.3607 %       |
+-------------------------------------------------------------------------------------------------+

Zahlen am Ende des Passworts

Single digit on the end = 2265820 (8.36%)
Two digits on the end = 2763733 (10.2%)
Three digits on the end = 1271121 (4.69%)

Last digit
1 = 2099601 (7.75%)
3 = 1652773 (6.1%)
2 = 1367182 (5.05%)
0 = 1264923 (4.67%)
4 = 1201404 (4.43%)
7 = 1172830 (4.33%)
5 = 1167413 (4.31%)
6 = 1164975 (4.3%)
9 = 1134114 (4.19%)
8 = 1076986 (3.97%)

Last 2 digits (Top 25)
23 = 372658 (1.38%)
12 = 265597 (0.98%)
11 = 254001 (0.94%)
00 = 233337 (0.86%)
01 = 221664 (0.82%)
07 = 194716 (0.72%)
13 = 193866 (0.72%)
10 = 191548 (0.71%)
21 = 190412 (0.7%)
89 = 174992 (0.65%)
88 = 173271 (0.64%)
22 = 165442 (0.61%)
06 = 160693 (0.59%)
56 = 157834 (0.58%)
08 = 157164 (0.58%)
69 = 155963 (0.58%)
05 = 151156 (0.56%)
77 = 150600 (0.56%)
90 = 146575 (0.54%)
99 = 144812 (0.53%)
87 = 142968 (0.53%)
14 = 140751 (0.52%)
91 = 132347 (0.49%)
09 = 132135 (0.49%)
20 = 131856 (0.49%)

Last 3 digits (Top 25)
123 = 231643 (0.85%)
456 = 90809 (0.34%)
000 = 71102 (0.26%)
007 = 64524 (0.24%)
234 = 61336 (0.23%)
987 = 53336 (0.2%)
990 = 47797 (0.18%)
989 = 47508 (0.18%)
991 = 46724 (0.17%)
988 = 45794 (0.17%)
111 = 44902 (0.17%)
992 = 44617 (0.16%)
321 = 44213 (0.16%)
986 = 43492 (0.16%)
985 = 42283 (0.16%)
345 = 42087 (0.16%)
993 = 40629 (0.15%)
666 = 40340 (0.15%)
101 = 38888 (0.14%)
984 = 38582 (0.14%)
994 = 38042 (0.14%)
001 = 37840 (0.14%)
006 = 37491 (0.14%)
777 = 37441 (0.14%)
789 = 37063 (0.14%)

Last 4 digits (Top 25)
3456 = 70685 (0.26%)
1234 = 51557 (0.19%)
1987 = 41451 (0.15%)
1990 = 41282 (0.15%)
1991 = 40238 (0.15%)
1989 = 39910 (0.15%)
1988 = 39306 (0.15%)
1992 = 38926 (0.14%)
1986 = 38398 (0.14%)
1985 = 36863 (0.14%)
1993 = 35665 (0.13%)
2345 = 34242 (0.13%)
1984 = 33983 (0.13%)
1994 = 33627 (0.12%)
2000 = 31964 (0.12%)
1983 = 31458 (0.12%)
2007 = 31170 (0.12%)
1995 = 30503 (0.11%)
1982 = 29533 (0.11%)
2006 = 28896 (0.11%)
1980 = 28061 (0.1%)
1981 = 27187 (0.1%)
2008 = 27171 (0.1%)
1996 = 25085 (0.09%)
1979 = 24222 (0.09%)

Kommentare

Schreibe einen Kommentar

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.