
posted by Fnord666 on Tuesday September 05 2017, @09:39PM
from the have-you-checked-your-passwords-lately? dept.

Submitted via IRC for TheMightyBuzzard

CynoSure Prime, a "password research collective", has reversed the hashes of nearly 320 million hashed passwords provided by security researcher Troy Hunt through the Pwned Passwords searchable online database.

Their effort, pulled off with the help of two other researchers, revealed many things:

  • Interesting statistics regarding these real world passwords exposed in data breaches,
  • The fact that this database also contains some 2.5 million email addresses and 230,000 email/password combinations (Hunt intends to purge that data from the database), and
  • Some bugs in the Hashcat password recovery tool.

"The longest password we found was 400 characters, while the shortest was only 3 characters long. About 0.06% of passwords were 50 characters or longer with 96.67% of passwords being 16 characters or less," the collective shared.

"Roughly 87.3% of passwords fall into the character set of LowerNum 47.5%, LowerCase 24.75%, Num 8.15%, and MixedNum 6.89% respectively. In addition we saw UTF-8 encoded passwords along with passes containing control characters."

Source: https://www.helpnetsecurity.com/2017/09/05/researchers-reverse-320-million-hashed-passwords/


  • (Score: 5, Interesting) by The Mighty Buzzard on Wednesday September 06 2017, @01:35AM (1 child)

    by The Mighty Buzzard (18) <themightybuzzard@proton.me> on Wednesday September 06 2017, @01:35AM (#564007)

    Sorry, no. You cannot build a rainbow table large enough to go from all possible three-character passwords up to the ones I use. You can't even build one with the exact same amount of characters. One terabyte by fucked up measuring standards is 1 * 10^12 bytes. My current passwords start at needing ~3 * 10^49 bytes of storage for a rainbow table big enough to account for them to be built.

    There are not that many hard drives in existence on the planet. A stack of all the necessary 5TB hard drives to rainbow table my password would in fact be much, much larger than the planet. Specifically, it would be 1.56358066931 * 10^24 KM^3, given a standard 3.5" drive. To give you some scope, the earth is ~1 * 10^12 KM^3. Even Jupiter is only 1.43 * 10^15 KM^3 (Uranus is 6.833 * 10^13 KM^3. You shouldn't have any fiber worries.). Thankfully there's good ole Sol to the rescue sitting there at 1.4 * 10^27 KM^3 or roughly a thousand times larger.

    --
    My rights don't end where your fear begins.
  • (Score: 2) by jasassin on Wednesday September 06 2017, @05:29AM

    by jasassin (3566) <jasassin@gmail.com> on Wednesday September 06 2017, @05:29AM (#564044)

    Uranus is 6.833 * 10^13 KM^3.

    Oh yeah? Who you think you talking to BITCH? You anus at least twice that big!

    --
    jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A