Password joke
Password breaking PNA 2016
As part of security research on passwords, hashes belonging to an academic IT system were cracked. Some statistics of the broken passwords are as follows:
[+] Analyzing 100% (5854/5854) of passwords

[*] Length:
[+] 10: 39% (2327)
[+] 8: 17% (1034)
[+] 9: 11% (699)
[+] 11: 08% (470)
[+] 7: 05% (347)
[+] 6: 05% (334)
[+] 12: 04% (261)
[+] 13: 02% (131)
[+] 14: 01% (94)
[+] 5: 01% (61)
[+] 4: 00% (30)
[+] 15: 00% (30)
[+] 16: 00% (13)
[+] 3: 00% (6)
[+] 17: 00% (6)
[+] 19: 00% (5)
[+] 18: 00% (4)
[+] 21: 00% (1)
[+] 22: 00% (1)

[*] Character-set:
[+] loweralphanum: 38% (2274)
[+] specialnum: 30% (1758)
[+] loweralpha: 10% (609)
[+] mixedalphanum: 09% (571)
[+] numeric: 07% (419)
[+] all: 01% (73)
[+] mixedalpha: 00% (57)
[+] loweralphaspecialnum: 00% (38)
[+] upperalphanum: 00% (37)
[+] loweralphaspecial: 00% (12)
[+] upperalpha: 00% (3)
[+] mixedalphaspecial: 00% (1)
[+] upperalphaspecialnum: 00% (1)
[+] upperalphaspecial: 00% (1)

[*] Password complexity:
[+] digit: min(0) max(13)
[+] lower: min(0) max(19)
[+] upper: min(0) max(12)
[+] special: min(0) max(8)

[*] Simple Masks:
[+] stringdigit: 43% (2525)
[+] othermask: 32% (1899)
[+] string: 11% (669)
[+] digit: 07% (419)
[+] stringdigitstring: 01% (117)
[+] digitstring: 01% (95)
[+] stringdigitspecial: 00% (43)
[+] digitstringdigit: 00% (34)
[+] stringspecialdigit: 00% (28)
[+] stringspecialstring: 00% (7)
[+] stringspecial: 00% (5)
[+] specialstringdigit: 00% (4)
[+] digitspecial: 00% (2)
[+] digitstringspecial: 00% (2)
[+] specialdigit: 00% (1)
[+] specialstring: 00% (1)
[+] digitspecialstring: 00% (1)
[+] digitspecialdigit: 00% (1)
[+] specialdigitspecial: 00% (1)

[*] Advanced Masks:
[+] ?d?d?s?d?d?s?d?d?d?d: 29% (1752)
[+] ?l?l?l?l?l?l?d?d: 03% (195)
[+] ?d?d?d?d?d?d?d?d: 02% (150)
[+] ?l?l?l?l?l?l?l?d?d: 02% (140)
[+] ?l?l?l?l?l?d?d?d: 02% (123)
[+] ?l?l?l?l?l?l?l?l: 02% (120)
[+] ?l?l?l?l?l?l: 01% (102)
[+] ?l?l?l?l?l?l?l?d: 01% (98)
[+] ?d?d?d?d?d?d?d?d?d?d?d: 01% (97)
[+] ?l?l?l?l?l?l?d?d?d: 01% (96)
[+] ?l?l?l?l?l?l?l?l?d?d: 01% (92)
[+] ?l?l?l?l?l?l?l?l?l: 01% (90)
[+] ?l?l?l?l?l?d?d: 01% (89)
[+] ?l?l?l?l?l?l?d?d?d?d: 01% (85)
[+] ?l?l?l?l?l?d?d?d?d: 01% (81)
[+] ?l?l?l?l?l?l?l?l?l?d?d: 01% (79)
[+] ?l?l?l?l?l?l?d: 01% (79)
[+] ?l?l?l?l?l?l?l: 01% (77)
[+] ?l?l?l?l?l?l?l?l?l?l: 01% (75)
[+] ?l?l?l?l?l?l?l?l?d: 01% (74)
[+] ?l?l?l?l?l?d: 01% (67)
[+] ?d?d?d?d?d?d: 01% (65)
The project PACT (Password Analysis and Cracking Toolkit) http://thesprawl.org/projects/pack/ was used to generate the above statistics.
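The mask notation in the statistics above can be reproduced in a few lines of Python, which is useful for auditing a password set or for flagging, at password-change time, a new password whose structure matches the most frequent masks. This is an added example, not code from the original post or from the PACT project; the function names, the `COMMON_MASKS` set (the three most frequent advanced masks listed above), the treatment of non-ASCII letters as special characters and the sample passwords are assumptions made for illustration.

```python
import string
from collections import Counter

# The three most frequent advanced masks in the statistics above (from the page).
COMMON_MASKS = {"?d?d?s?d?d?s?d?d?d?d", "?l?l?l?l?l?l?d?d", "?d?d?d?d?d?d?d?d"}

def advanced_mask(password):
    """One token per character: ?l lower, ?u upper, ?d digit, ?s everything else."""
    tokens = []
    for ch in password:
        if ch in string.ascii_lowercase:
            tokens.append("?l")
        elif ch in string.ascii_uppercase:
            tokens.append("?u")
        elif ch in string.digits:
            tokens.append("?d")
        else:
            # Assumption: non-ASCII letters (e.g. Polish diacritics) count as special.
            tokens.append("?s")
    return "".join(tokens)

def simple_mask(password):
    """Collapse the advanced mask into runs; more than three runs is 'othermask'."""
    names = {"?l": "string", "?u": "string", "?d": "digit", "?s": "special"}
    mask = advanced_mask(password)
    runs = []
    for i in range(0, len(mask), 2):
        kind = names[mask[i:i + 2]]
        if not runs or runs[-1] != kind:
            runs.append(kind)
    return "".join(runs) if len(runs) <= 3 else "othermask"

def audit(passwords):
    """Return (advanced-mask counts, passwords whose mask is in COMMON_MASKS)."""
    counts = Counter(advanced_mask(p) for p in passwords)
    flagged = [p for p in passwords if advanced_mask(p) in COMMON_MASKS]
    return counts, flagged

if __name__ == "__main__":
    # Constructed sample inputs, not taken from the cracked set.
    sample = ["01.02.1990", "summer16", "12345678", "Tr0ub4dor&3x", "zażółć99"]
    counts, flagged = audit(sample)
    for pw in sample:
        print(f"{pw!r:16} {advanced_mask(pw):28} {simple_mask(pw)}")
    print("matches a common mask:", flagged)
```
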
Password policy – epoznan.pl
- site name: epoznan.pl
- Alexa rank position: 492
- site address: https://epoznan.pl/index.php?section=forum&mode=register
- minimum password length: 1 character
- maximum password length: none
- password complexity requirement [*]: none
- allowed special characters: ~!@#$%^&*()_+`-={}|[]\:";'<>?,./
- space allowed in password: no
- Polish diacritics allowed: yes
- bad-password list (blacklist): no
- secure login (https): yes
- captcha protection [**]: C
- password strength indicator (graphical or textual): yes
- password reset method: plaintext
- two-step authentication option (2FA): yes
- password education: none
- OAuth2 authentication: N
- additional remarks: none
[*] Legend for the password complexity requirement:
       ?l - lowercase letters, ?u - uppercase letters, ?d - digits, ?s - special characters
[**] Legend for captcha protection:
       C - account creation, Ln - login (n-th attempt), R - password reminder