Analysis of 10k hotmail passwords
Ok, not all of them were hotmail passwords, but that's how they are being talked about in the media:
Thousands of Hotmail passwords leaked online
I did some initial analysis of the list which can be found below:
Reusable Security: 10k Hotmail Passwords
I haven't had much time to go over them, but I'll try to post some follow-up info, such as the effectiveness of different input dictionaries, a more detailed analysis of word mangling rules used, etc., later. If there is any specific information people are interested in (with the exception of where to grab the list, sorry I'm not going to repost that), please let me know.
my analysis of 20k leaked email accounts (hotmail etc.)
Just added some character set filtering to wepbuster.
For someone who might be interested, here are the stats I have gathered:
The password list I got from some website (which I forgot to bookmark) contains 21868 entries (a mix of different email accounts, but mostly from hotmail).
- 18572 unique entries
- 7280 all lowercase (977 (exact match) are found in /usr/share/dict/words)
- 6645 combination of lower and number
- 2979 all numbers
- 308 lower, number, symbol
- 293 lower and symbol
- 292 lower, upper, and number.
- 225 lower, upper
- 219 all uppercase (16 are found in /usr/share/dict/words)
- 182 upper and number
- 50 lower, upper, number, and symbol
- 38 number, symbol
- 24 lower, upper, symbol
- 21 upper, number, symbol
- 9 upper and symbol
- 7 all symbols
As you can see, all lower case, lowercase+number, and all numbers are quite popular choices for passwords.
In the meantime, I'll try to dig deeper to see if there are any common properties in the passwords created. Maybe number positioning, character patterns, etc.
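An added example (not code from either post or from wepbuster) of the character-set bucketing reported in the second post, useful for auditing a password list against a composition policy. The fifteen counts above sum to 18572, the unique total, so the sketch deduplicates first; the function names, the sample list, exact case-sensitive dictionary matching, and treating every non-alphanumeric or non-ASCII character as a symbol are assumptions.

```python
from collections import Counter
import string

# Label order follows the post's wording: lower, upper, number, symbol.
CLASSES = (("lower", string.ascii_lowercase),
           ("upper", string.ascii_uppercase),
           ("number", string.digits))
ALNUM = set(string.ascii_letters + string.digits)

def charset_label(password):
    """Return the character classes present, e.g. 'lower+number'."""
    present = [name for name, chars in CLASSES
               if any(c in chars for c in password)]
    # Assumption: anything outside a-z, A-Z, 0-9 counts as a symbol.
    if any(c not in ALNUM for c in password):
        present.append("symbol")
    return "+".join(present)

def charset_stats(entries, dictionary=()):
    """Tally unique, non-empty entries per label, plus exact dictionary hits."""
    unique = {e for e in (line.rstrip("\r\n") for line in entries) if e}
    words = {w.strip() for w in dictionary}
    counts = Counter(charset_label(p) for p in unique)
    dict_hits = Counter(charset_label(p) for p in unique if p in words)
    return len(unique), counts, dict_hits

# Constructed sample input, not taken from any leaked list.
SAMPLE = ["password", "password", "abc123", "123456", "Summer09",
          "QWERTY", "love!", "p@ss1", "!!!", "A1b2#", ""]
SAMPLE_WORDS = ["password", "love", "summer"]  # stand-in for a word list

if __name__ == "__main__":
    total, counts, hits = charset_stats(SAMPLE, SAMPLE_WORDS)
    print(f"{total} unique entries")
    for label, n in counts.most_common():
        extra = f" ({hits[label]} exact dictionary matches)" if hits[label] else ""
        print(f"- {n} {label}{extra}")
```

To run it against a real list, pass an open file as `entries` and the lines of a word list such as /usr/share/dict/words as `dictionary`.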