1
Password Patterns – An Analysis
Dr. Emin Islam Tatlı
Twitter: @eitatli
25 April 2012
2
Password Patterns – An Analysis: Overview
1. Password Fiasco (Leakage of more than 32 M plain text passwords)
2. Password Analysis - Imperva
3. Password Analysis – Password Patterns
4. Conclusion
3
Password Leakage: rockyou.com hacked
* Referenced from http://techcrunch.com
4
Password Leakage: rockyou.com plaintext passwords are online
5
Password Patterns: FTC fines RockYou
6
Password Analysis: Analysis of Imperva - Distribution
• Consumer Password Worst Practices:
http://www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdf
7
Password Analysis: Analysis of Imperva – Key Findings
8
Password Analysis: Analysis of Imperva – Common Passwords
9
Password Patterns: Password Complexity
What about the security of z6iFk#rdlr vs. TØpsecret. ?
• z6iFk#rdlr: randomly generated
• TØpsecret.: consists of certain patterns (e.g. dictionary word, ending with “.”)
10
Password Patterns: The Analysis
• Dual and Triple Concatenation of [:alpha:], [:digit:] and [:punct:] characters
• Replacement of [:alpha:] => [:digit:] and [:punct:]
• Special patterns
• Frequency of the Symbols
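The analysis steps listed above can be reproduced on any password set a defender is allowed to audit; the following is an added example, not code from the slides or the referenced analysis. It assumes "concatenation" means consecutive runs of one character class, and the sample passwords, word list, substitution table and function names are all constructed for illustration.

```python
import string
from collections import Counter
from itertools import product

# Constructed sample data; not taken from any leaked list.
SAMPLE = ["sunshine", "monkey12", "123456", "secret.", "p@ssword",
          "blue!42", "z6iFk#rdlr", "l1verpool", "k1tten", "2012summer"]
WORDS = {"password", "liverpool", "kitten", "secret"}  # tiny stand-in dictionary
# Assumed substitution table: substitute character -> letters it may stand for.
SUBS = {"1": "il", "0": "o", "3": "e", "@": "a", "$": "s"}

def char_class(ch):
    """Map one character to its POSIX-style class name (ASCII only)."""
    if ch in string.ascii_letters:
        return "alpha"
    if ch in string.digits:
        return "digit"
    if ch in string.punctuation:
        return "punct"
    return "other"

def structure(pw):
    """Collapse runs of one class: 'monkey12' -> 'alpha+digit'."""
    runs = []
    for ch in pw:
        cls = char_class(ch)
        if not runs or runs[-1] != cls:
            runs.append(cls)
    return "+".join(runs)

def replacements(pw, words=WORDS):
    """Return (substitute, letter) pairs if undoing them yields a dictionary word."""
    options = [SUBS.get(ch, ch.lower()) for ch in pw]
    for combo in product(*options):  # try every way of undoing the substitutions
        if "".join(combo) in words:
            return [(s, l) for s, l in zip(pw, combo) if s in SUBS]
    return []

def analyse(passwords):
    """Count class structures, replacement pairs and punctuation symbols."""
    shapes = Counter(structure(p) for p in passwords)
    swaps = Counter(pair for p in passwords for pair in replacements(p))
    symbols = Counter(ch for p in passwords for ch in p if ch in string.punctuation)
    return shapes, swaps, symbols

if __name__ == "__main__":
    shapes, swaps, symbols = analyse(SAMPLE)
    for shape, n in shapes.most_common():
        print(f"{n / len(SAMPLE):5.0%}  {shape}")
    print("replacements:", swaps.most_common())
    print("symbols:", symbols.most_common())
```

A password whose structure or replacement pair ranks near the top of such a report is a candidate for rejection in a password policy check.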
11
Password Patterns: [:alpha:], [:digit:] and [:punct:] characters
12
Password Patterns: No Concatenation
13
Password Patterns: Dual Concatenation
14
Password Patterns: Dual Concatenation – cont.
15
Password Patterns: Triple Concatenation
16
Password Patterns: Replacement Pattern
17
Password Patterns: Some Special Patterns
18
Password Patterns: Frequency of the Symbols
19
Password Patterns: Password Cracking - Methods
• Brute-Force Attacks
• Dictionary Attacks
20
Password Patterns: Password Cracking – Tools - I
21
Password Patterns: Password Cracking – Tools - II
22
Password Patterns: The Results in Conclusion
• The most commonly used dual concatenation of alpha-digit-punct characters is “alpha+digit” with 30%.
• The most commonly used triple concatenation of alpha-digit-punct characters is “alpha+punct+digit” with 0.57%.
• For the replacement pattern, replacing the letter i or l with the number “1” is the most commonly used pattern.
• The most commonly used special character is . (point).
• Password patterns might be the next generation of dictionary attacks.
• Do not choose and use any password based on a common pattern.
23
References
• Password Patterns:
http://www.architectingsecurity.com/2010/09/11/password-patterns/