W ramach prowadzonych badań nad bezpieczeństwem haseł dokonano łamania haseł (czyli odwracania skrótów) do pewnego akademickiego systemu informatycznego. Statystyki złamanych haseł przedstawiają się następująco:
[+] Analyzing 100% (5854/5854) of passwords [*] Length: [+] 10: 39% (2327) [+] 8: 17% (1034) [+] 9: 11% (699) [+] 11: 08% (470) [+] 7: 05% (347) [+] 6: 05% (334) [+] 12: 04% (261) [+] 13: 02% (131) [+] 14: 01% (94) [+] 5: 01% (61) [+] 4: 00% (30) [+] 15: 00% (30) [+] 16: 00% (13) [+] 3: 00% (6) [+] 17: 00% (6) [+] 19: 00% (5) [+] 18: 00% (4) [+] 21: 00% (1) [+] 22: 00% (1) [*] Character-set: [+] loweralphanum: 38% (2274) [+] specialnum: 30% (1758) [+] loweralpha: 10% (609) [+] mixedalphanum: 09% (571) [+] numeric: 07% (419) [+] all: 01% (73) [+] mixedalpha: 00% (57) [+] loweralphaspecialnum: 00% (38) [+] upperalphanum: 00% (37) [+] loweralphaspecial: 00% (12) [+] upperalpha: 00% (3) [+] mixedalphaspecial: 00% (1) [+] upperalphaspecialnum: 00% (1) [+] upperalphaspecial: 00% (1) [*] Password complexity: [+] digit: min(0) max(13) [+] lower: min(0) max(19) [+] upper: min(0) max(12) [+] special: min(0) max(8) [*] Simple Masks: [+] stringdigit: 43% (2525) [+] othermask: 32% (1899) [+] string: 11% (669) [+] digit: 07% (419) [+] stringdigitstring: 01% (117) [+] digitstring: 01% (95) [+] stringdigitspecial: 00% (43) [+] digitstringdigit: 00% (34) [+] stringspecialdigit: 00% (28) [+] stringspecialstring: 00% (7) [+] stringspecial: 00% (5) [+] specialstringdigit: 00% (4) [+] digitspecial: 00% (2) [+] digitstringspecial: 00% (2) [+] specialdigit: 00% (1) [+] specialstring: 00% (1) [+] digitspecialstring: 00% (1) [+] digitspecialdigit: 00% (1) [+] specialdigitspecial: 00% (1) [*] Advanced Masks: [+] ?d?d?s?d?d?s?d?d?d?d: 29% (1752) [+] ?l?l?l?l?l?l?d?d: 03% (195) [+] ?d?d?d?d?d?d?d?d: 02% (150) [+] ?l?l?l?l?l?l?l?d?d: 02% (140) [+] ?l?l?l?l?l?d?d?d: 02% (123) [+] ?l?l?l?l?l?l?l?l: 02% (120) [+] ?l?l?l?l?l?l: 01% (102) [+] ?l?l?l?l?l?l?l?d: 01% (98) [+] ?d?d?d?d?d?d?d?d?d?d?d: 01% (97) [+] ?l?l?l?l?l?l?d?d?d: 01% (96) [+] ?l?l?l?l?l?l?l?l?d?d: 01% (92) [+] ?l?l?l?l?l?l?l?l?l: 01% (90) [+] ?l?l?l?l?l?d?d: 01% (89) [+] ?l?l?l?l?l?l?d?d?d?d: 01% (85) [+] ?l?l?l?l?l?d?d?d?d: 01% (81) [+] ?l?l?l?l?l?l?l?l?l?d?d: 01% (79) [+] ?l?l?l?l?l?l?d: 01% (79) [+] ?l?l?l?l?l?l?l: 01% (77) [+] ?l?l?l?l?l?l?l?l?l?l: 01% (75) [+] ?l?l?l?l?l?l?l?l?d: 01% (74) [+] ?l?l?l?l?l?d: 01% (67) [+] ?d?d?d?d?d?d: 01% (65)
Do wygenerowania statystyk wykorzystany został projekt PACT (Password Analysis and Cracking Toolkit) http://thesprawl.org/projects/pack/