TY - GEN
T1 - Common passwords and common words in passwords
AU - Li, Jikai
AU - Zeigler, Ethan
AU - Holland, Thomas
AU - Papamichail, Dimitris
AU - Greco, David
AU - Grabentein, Joshua
AU - Liang, Daan
N1 - Publisher Copyright:
© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2020.
PY - 2020
Y1 - 2020
N2 - Passwords often include dictionary words or meaningful strings. Figuring out these words or strings may significantly reduce the number of password guessing. The wordlists used by password cracking software, such as Hashcat, typically include the words from various dictionaries and leaked plain passwords. Is it really necessary to put all dictionary words and leaked passwords into the wordlist? In this work, we use Mac system dictionary and rockyou.com leak as two sample wordlists to check the substrings of over 600 million leaked passwords from different websites. We find only a small portion of words from these two wordlists are used by the leaked passwords. More specifically, about 90,000 out of 235,886 Mac dictionary words and about six millions out of 13 millions rockyou.com unique passwords are used by the leaked passwords. In addition to that, we find that a small portion of unique passwords are shared by a large portion of accounts.
AB - Passwords often include dictionary words or meaningful strings. Figuring out these words or strings may significantly reduce the number of password guessing. The wordlists used by password cracking software, such as Hashcat, typically include the words from various dictionaries and leaked plain passwords. Is it really necessary to put all dictionary words and leaked passwords into the wordlist? In this work, we use Mac system dictionary and rockyou.com leak as two sample wordlists to check the substrings of over 600 million leaked passwords from different websites. We find only a small portion of words from these two wordlists are used by the leaked passwords. More specifically, about 90,000 out of 235,886 Mac dictionary words and about six millions out of 13 millions rockyou.com unique passwords are used by the leaked passwords. In addition to that, we find that a small portion of unique passwords are shared by a large portion of accounts.
KW - Dictionary
KW - Hashcat
KW - Password
KW - Substring
UR - http://www.scopus.com/inward/record.url?scp=85086278045&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-45691-7_77
DO - 10.1007/978-3-030-45691-7_77
M3 - Conference contribution
AN - SCOPUS:85086278045
SN - 9783030456900
T3 - Advances in Intelligent Systems and Computing
SP - 818
EP - 827
BT - Trends and Innovations in Information Systems and Technologies - Volume 2, WorldCIST 2020
A2 - Rocha, Álvaro
A2 - Adeli, Hojjat
A2 - Reis, Luís Paulo
A2 - Costanzo, Sandra
A2 - Orovic, Irena
A2 - Moreira, Fernando
PB - Springer
T2 - 8th World Conference on Information Systems and Technologies, WorldCIST 2020
Y2 - 7 April 2020 through 10 April 2020
ER -