Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Tuesday September 05 2017, @09:39PM   Printer-friendly
from the have-you-checked-your-passwords-lately? dept.

Submitted via IRC for TheMightyBuzzard

CynoSure Prime, a "password research collective", has reversed the hashes of nearly 320 million hashed passwords provided by security researcher Troy Hunt through the Pwned Passwords searchable online database.

Their effort, pulled off with the help of two other researchers, revealed many things:

  • Interesting statistics regarding these real world passwords exposed in data breaches,
  • The fact that this database also contains some 2.5 million email addresses and 230,000 email/password combinations (Hunt intends to purge that data from the database), and
  • Some bugs in the Hashcat password recovery tool.

"The longest password we found was 400 characters, while the shortest was only 3 characters long. About 0.06% of passwords were 50 characters or longer with 96.67% of passwords being 16 characters or less," the collective shared.

"Roughly 87.3% of passwords fall into the character set of LowerNum 47.5%, LowerCase 24.75%, Num 8.15%, and MixedNum 6.89% respectively. In addition we saw UTF-8 encoded passwords along with passes containing control characters."

Source: https://www.helpnetsecurity.com/2017/09/05/researchers-reverse-320-million-hashed-passwords/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Pino P on Wednesday September 06 2017, @04:14PM

    by Pino P (4721) on Wednesday September 06 2017, @04:14PM (#564187) Journal

    What's that? You actually thought "the cloud" was a thing?

    Yes. "The cloud" most commonly means someone else's farm of identical servers offered for lease on short notice and for short durations. Some people fear "the cloud" because application service providers have co-opted the term [gnu.org]. But in practice, the suitability of leasing such a server for a particular project depends on three things:

    1. whether a particular server farm's operator can guarantee sufficient confidentiality for your project,
    2. whether you have access to audit non-trivial applications running on these servers, and
    3. whether the service provided by the server is sufficiently general that a server can be replaced with a competitor's.

    A generic VPS (such as Amazon EC2) or a generic NAS (such as Amazon S3) differs greatly in points 2 and 3 from a more specialized application service provider.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2