Common passwords and common words in passwords

Jikai Li; Ethan Zeigler; Thomas Holland; Dimitris Papamichail; David Greco; Joshua Grabentein; Daan Liang

doi:10.1007/978-3-030-45691-7_77

Common passwords and common words in passwords

Jikai Li, Ethan Zeigler, Thomas Holland, Dimitris Papamichail, David Greco, Joshua Grabentein, Daan Liang

National Wind Institute

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Passwords often include dictionary words or meaningful strings. Figuring out these words or strings may significantly reduce the number of password guessing. The wordlists used by password cracking software, such as Hashcat, typically include the words from various dictionaries and leaked plain passwords. Is it really necessary to put all dictionary words and leaked passwords into the wordlist? In this work, we use Mac system dictionary and rockyou.com leak as two sample wordlists to check the substrings of over 600 million leaked passwords from different websites. We find only a small portion of words from these two wordlists are used by the leaked passwords. More specifically, about 90,000 out of 235,886 Mac dictionary words and about six millions out of 13 millions rockyou.com unique passwords are used by the leaked passwords. In addition to that, we find that a small portion of unique passwords are shared by a large portion of accounts.

Original language	English
Title of host publication	Trends and Innovations in Information Systems and Technologies - Volume 2, WorldCIST 2020
Editors	Álvaro Rocha, Hojjat Adeli, Luís Paulo Reis, Sandra Costanzo, Irena Orovic, Fernando Moreira
Publisher	Springer
Pages	818-827
Number of pages	10
ISBN (Print)	9783030456900
DOIs	https://doi.org/10.1007/978-3-030-45691-7_77
State	Published - 2020
Event	8th World Conference on Information Systems and Technologies, WorldCIST 2020 - Budva, Montenegro Duration: Apr 7 2020 → Apr 10 2020

Publication series

Name	Advances in Intelligent Systems and Computing
Volume	1160 AISC
ISSN (Print)	2194-5357
ISSN (Electronic)	2194-5365

Conference

Conference	8th World Conference on Information Systems and Technologies, WorldCIST 2020
Country	Montenegro
City	Budva
Period	04/7/20 → 04/10/20

Keywords

Dictionary
Hashcat
Password
Substring

Access to Document

10.1007/978-3-030-45691-7_77

Link to publication in Scopus

Fingerprint Dive into the research topics of 'Common passwords and common words in passwords'. Together they form a unique fingerprint.

Cite this

Li, J., Zeigler, E., Holland, T., Papamichail, D., Greco, D., Grabentein, J., & Liang, D. (2020). Common passwords and common words in passwords. In Á. Rocha, H. Adeli, L. P. Reis, S. Costanzo, I. Orovic, & F. Moreira (Eds.), Trends and Innovations in Information Systems and Technologies - Volume 2, WorldCIST 2020 (pp. 818-827). (Advances in Intelligent Systems and Computing; Vol. 1160 AISC). Springer. https://doi.org/10.1007/978-3-030-45691-7_77

Li, Jikai ; Zeigler, Ethan ; Holland, Thomas ; Papamichail, Dimitris ; Greco, David ; Grabentein, Joshua ; Liang, Daan. / Common passwords and common words in passwords. Trends and Innovations in Information Systems and Technologies - Volume 2, WorldCIST 2020. editor / Álvaro Rocha ; Hojjat Adeli ; Luís Paulo Reis ; Sandra Costanzo ; Irena Orovic ; Fernando Moreira. Springer, 2020. pp. 818-827 (Advances in Intelligent Systems and Computing).

@inproceedings{5e5fa786e7124b5490e5df7562fe4eba,

title = "Common passwords and common words in passwords",

abstract = "Passwords often include dictionary words or meaningful strings. Figuring out these words or strings may significantly reduce the number of password guessing. The wordlists used by password cracking software, such as Hashcat, typically include the words from various dictionaries and leaked plain passwords. Is it really necessary to put all dictionary words and leaked passwords into the wordlist? In this work, we use Mac system dictionary and rockyou.com leak as two sample wordlists to check the substrings of over 600 million leaked passwords from different websites. We find only a small portion of words from these two wordlists are used by the leaked passwords. More specifically, about 90,000 out of 235,886 Mac dictionary words and about six millions out of 13 millions rockyou.com unique passwords are used by the leaked passwords. In addition to that, we find that a small portion of unique passwords are shared by a large portion of accounts.",

keywords = "Dictionary, Hashcat, Password, Substring",

author = "Jikai Li and Ethan Zeigler and Thomas Holland and Dimitris Papamichail and David Greco and Joshua Grabentein and Daan Liang",

note = "Publisher Copyright: {\textcopyright} The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2020. Copyright: Copyright 2020 Elsevier B.V., All rights reserved.; null ; Conference date: 07-04-2020 Through 10-04-2020",

year = "2020",

doi = "10.1007/978-3-030-45691-7_77",

language = "English",

isbn = "9783030456900",

series = "Advances in Intelligent Systems and Computing",

publisher = "Springer",

pages = "818--827",

editor = "{\'A}lvaro Rocha and Hojjat Adeli and Reis, {Lu{\'i}s Paulo} and Sandra Costanzo and Irena Orovic and Fernando Moreira",

booktitle = "Trends and Innovations in Information Systems and Technologies - Volume 2, WorldCIST 2020",

}

Li, J, Zeigler, E, Holland, T, Papamichail, D, Greco, D, Grabentein, J & Liang, D 2020, Common passwords and common words in passwords. in Á Rocha, H Adeli, LP Reis, S Costanzo, I Orovic & F Moreira (eds), Trends and Innovations in Information Systems and Technologies - Volume 2, WorldCIST 2020. Advances in Intelligent Systems and Computing, vol. 1160 AISC, Springer, pp. 818-827, 8th World Conference on Information Systems and Technologies, WorldCIST 2020, Budva, Montenegro, 04/7/20. https://doi.org/10.1007/978-3-030-45691-7_77

Common passwords and common words in passwords. / Li, Jikai; Zeigler, Ethan; Holland, Thomas; Papamichail, Dimitris; Greco, David; Grabentein, Joshua; Liang, Daan.

Trends and Innovations in Information Systems and Technologies - Volume 2, WorldCIST 2020. ed. / Álvaro Rocha; Hojjat Adeli; Luís Paulo Reis; Sandra Costanzo; Irena Orovic; Fernando Moreira. Springer, 2020. p. 818-827 (Advances in Intelligent Systems and Computing; Vol. 1160 AISC).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Common passwords and common words in passwords

AU - Li, Jikai

AU - Zeigler, Ethan

AU - Holland, Thomas

AU - Papamichail, Dimitris

AU - Greco, David

AU - Grabentein, Joshua

AU - Liang, Daan

N1 - Publisher Copyright: © The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2020. Copyright: Copyright 2020 Elsevier B.V., All rights reserved.

PY - 2020

Y1 - 2020

N2 - Passwords often include dictionary words or meaningful strings. Figuring out these words or strings may significantly reduce the number of password guessing. The wordlists used by password cracking software, such as Hashcat, typically include the words from various dictionaries and leaked plain passwords. Is it really necessary to put all dictionary words and leaked passwords into the wordlist? In this work, we use Mac system dictionary and rockyou.com leak as two sample wordlists to check the substrings of over 600 million leaked passwords from different websites. We find only a small portion of words from these two wordlists are used by the leaked passwords. More specifically, about 90,000 out of 235,886 Mac dictionary words and about six millions out of 13 millions rockyou.com unique passwords are used by the leaked passwords. In addition to that, we find that a small portion of unique passwords are shared by a large portion of accounts.

AB - Passwords often include dictionary words or meaningful strings. Figuring out these words or strings may significantly reduce the number of password guessing. The wordlists used by password cracking software, such as Hashcat, typically include the words from various dictionaries and leaked plain passwords. Is it really necessary to put all dictionary words and leaked passwords into the wordlist? In this work, we use Mac system dictionary and rockyou.com leak as two sample wordlists to check the substrings of over 600 million leaked passwords from different websites. We find only a small portion of words from these two wordlists are used by the leaked passwords. More specifically, about 90,000 out of 235,886 Mac dictionary words and about six millions out of 13 millions rockyou.com unique passwords are used by the leaked passwords. In addition to that, we find that a small portion of unique passwords are shared by a large portion of accounts.

KW - Dictionary

KW - Hashcat

KW - Password

KW - Substring

UR - http://www.scopus.com/inward/record.url?scp=85086278045&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-45691-7_77

DO - 10.1007/978-3-030-45691-7_77

M3 - Conference contribution

AN - SCOPUS:85086278045

SN - 9783030456900

T3 - Advances in Intelligent Systems and Computing

SP - 818

EP - 827

BT - Trends and Innovations in Information Systems and Technologies - Volume 2, WorldCIST 2020

A2 - Rocha, Álvaro

A2 - Adeli, Hojjat

A2 - Reis, Luís Paulo

A2 - Costanzo, Sandra

A2 - Orovic, Irena

A2 - Moreira, Fernando

PB - Springer

Y2 - 7 April 2020 through 10 April 2020

ER -

Li J, Zeigler E, Holland T, Papamichail D, Greco D, Grabentein J et al. Common passwords and common words in passwords. In Rocha Á, Adeli H, Reis LP, Costanzo S, Orovic I, Moreira F, editors, Trends and Innovations in Information Systems and Technologies - Volume 2, WorldCIST 2020. Springer. 2020. p. 818-827. (Advances in Intelligent Systems and Computing). https://doi.org/10.1007/978-3-030-45691-7_77