A password can contain many useful bits of information related to its creator and their tendencies/patterns, but you have to break down the structure to decipher the meaning. This analysis process could be considered a sub-category of Text Analytics and split into three pattern categories: Basic Pattern, Macro-Pattern, and Micro-Pattern.

## Text Analytics

### Basic Pattern

Visually obvious when compared to similar groupings (i.e. language and base word/words & digits). Let's look at two passwords:

```
R0b3rt2017!
Jennifer1981!
```

- Each password uses a name: R0b3rt & Jennifer
- Ending in a 4 digit date with a common special character: 2017! & 1981!

**!TIP! This type of basic pattern lends itself to a simple dictionary and L33T speak rule appending dates, or a hybrid mask attack appending Dict + `?d?d?d?d?s`**

### Macro-Pattern

Statistics about the password's underlying structure, such as length and character set. Let's look at two more passwords:

```
7482Sacrifice
Solitaire7482
```

- Length structure can be summed up as: 4 Digits + 7 Alpha & 7 Alpha + 4 Digits
- Uses charsets `?l?u?d`, so we may be able to ignore special characters.
- Basic Pattern preference for the numbers 7482 and Micro-Pattern for capitalizing words beginning in "S".

**!TIP! You can assume this user is 'unlikely' to have a password less than 12 characters (+-1 char) and the 4 digit constant lowers the work to 8 chars. These examples lend themselves to a Hybrid Attack (Dict + 7482) or (7482 + Dict).**

### Micro-Pattern

Subtlety and context which expresses consistent case changes, themes, and personal data/interest. Let's look at two more passwords:

```
BlueParrot345
RedFerret789
```

- Each password begins with a color: Blue & Red
- Second word is a type of animal: Parrot & Ferret
- Consistent capitalization of all words
- Lastly, ending in a 3 digit sequential pattern: 345 & 789

**!TIP! This pattern lends itself to a custom combo dictionary and rule, or a hybrid mask attack appending sequential digits `?d?d?d`**

So when analyzing passwords, be sure to group passwords and look for patterns such as language, base word/digit, length, character sets, and subtle themes with possible contextual meaning or password policy restrictions.

## US/EU/CA Password trend analysis

Password Length Distribution based on large corpus of English website dumps:

| Length | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 |
|---|---|---|---|---|---|---|---|---|
| Share | 15% | 27% | 15% | 12% | 4.8% | 4.9% | .6% | .3% |

Character frequency analysis of a large corpus of English texts:

`etaoinshrdlcumwfgypbvkjxqz`

Character frequency analysis of a large corpus of English password dumps:

`aeionrlstmcdyhubkgpjvfwzxq`

Top Western password masks out of a large corpus of English website dumps:

| Mask | Description |
|---|---|
| `?l?l?l?l?l?l` | 6-Lowercase |
| `?l?l?l?l?l?l?l` | 7-Lowercase |
| `?l?l?l?l?l?l?l?l` | 8-Lowercase |
| `?d?d?d?d?d?d` | 6-Digits |
| `?l?l?l?l?l?l?l?l?l?l?l?l` | 12-Lowercase |
| `?l?l?l?l?l?l?l?l?l` | 9-Lowercase |
| `?l?l?l?l?l?l?l?l?l?l` | 10-Lowercase |
| `?l?l?l?l?l` | 5-Lowercase |
| `?l?l?l?l?l?l?d?d?l?l?l?l` | 6-Lowercase + 2-Digits + 4-Lowercase |
| `?d?d?d?d?d?d?d?d?l?l?l?l` | 8-Digits + 4-Lowercase |
| `?l?l?l?l?l?d?d` | 5-Lowercase + 2-Digits |
| `?d?d?d?d?d?d?d?d` | 8-Digits |
| `?l?l?l?l?l?l?d?d` | 6-Lowercase + 2-Digits |
| `?l?l?l?l?l?l?l?l?d?d` | 8-Lowercase + 2-Digits |

## CN Password trend analysis

Password Length Distribution based on large corpus of Chinese website dumps:

| Length | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 |
|---|---|---|---|---|---|---|---|---|
| Share | 21% | 22% | 12% | 12% | 4.2% | .9% | .5% | .5% |

Character frequency analysis of a large corpus of Chinese texts:

`aineohglwuyszxqcdjmbtfrkpv`

Character frequency analysis of a large corpus of Chinese password dumps:

`inauhegoyszdjmxwqbctlpfrkv`

Top Eastern password masks out of a large corpus of Chinese website dumps:

| Mask | Description |
|---|---|
| `?d?d?d?d?d?d?d?d` | 8-Digits |
| `?d?d?d?d?d?d` | 6-Digits |
| `?d?d?d?d?d?d?d` | 7-Digits |
| `?d?d?d?d?d?d?d?d?d` | 9-Digits |
| `?d?d?d?d?d?d?d?d?d?d` | 10-Digits |
| `?l?l?l?l?l?l?l?l` | 8-Lowercase |
| `?d?d?d?d?d?d?d?d?d?d?d` | 11-Digits |
| `?l?l?l?l?l?l` | 6-Lowercase |
| `?l?l?l?l?l?l?l?l?l` | 9-Lowercase |
| `?l?l?l?l?l?l?l` | 7-Lowercase |
| `?l?l?l?d?d?d?d?d?d` | 3-Lowercase + 6-Digits |
| `?l?l?d?d?d?d?d?d` | 2-Lowercase + 6-Digits |
| `?l?l?l?l?l?l?l?l?l?l` | 10-Lowercase |
| `?d?d?d?d?d?d?d?d?d?d?d?d` | 12-Digits |

## Password Manager trends analysis

### Apple Safari Password Generator

- Default password: 15 characters with "-" & four groups of three random u=`ABCDEFGHJKLMNPQRSTUVWXYZ`, l=`abcdefghkmnopqrstuvwxy` and d=`3456789`

Example:

```
X9e-BQp-3qm-WGN
XXX-XXX-XXX-XXX where X = ?u?l?d
```

### Dashlane

- Default password: 12 characters using just letters and digits.

Example:

```
Up0k9ZAj54Kt
XXXXXXXXXXXX where X = ?u?l?d
```

### KeePass

- Default password: 20 characters using uppercase, lowercase, digits, and special.

Example:

```
$Zt={EcgQ.Umf)R,C7XF
XXXXXXXXXXXXXXXXXXXX where X = ?u?l?d?s
```

### LastPass

- Default password: 12 characters using at least one digit, uppercase and lowercase.

Example:

```
msfNdkG29n3B
XXXXXXXXXXXX where X = ?u?l?d
```

### RoboForm

- Default password: 15 characters using uppercase, lowercase, digits, and special with a minimum of 5 digits.

Example:

```
B7lv2%%4F0w31zJ
XXXXXXXXXXXXXXX where X = ?u?l?d?s
```

### Symantec Norton Identity Safe

- Default password: 8 characters using uppercase, lowercase, and digits.

Example:

```
Ws8lf0Zg
XXXXXXXX where X = ?u?l?d
```

### True Key

- Default password: 16 characters using uppercase, lowercase, digits, and special.

Example:

```
1B1H:9N+@>+sgWs
XXXXXXXXXXXXXXXX where X = ?u?l?d?s
```

### 1Password v6

- Default password: 24 characters using uppercase, lowercase, digits, and special.

Example:

```
cTmM7Tzm6iPhCdpMu.*V],VP
XXXXXXXXXXXXXXXXXXXXXXXX where X = ?u?l?d?s
```
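
The macro-pattern statistics described under Text Analytics (length, character set, mask, trailing digit runs) can be computed mechanically when auditing a password set. The following is an added example, not part of the original page; it runs over the page's six sample passwords, and all function names are illustrative.

```python
from collections import Counter
from itertools import groupby
import string

# Constructed sample: the six example passwords used on this page.
SAMPLE = ["R0b3rt2017!", "Jennifer1981!", "7482Sacrifice",
          "Solitaire7482", "BlueParrot345", "RedFerret789"]

def char_class(ch):
    """Map one character to its mask token (?l ?u ?d ?s)."""
    if ch in string.ascii_lowercase:
        return "?l"
    if ch in string.ascii_uppercase:
        return "?u"
    if ch in string.digits:
        return "?d"
    return "?s"  # assumption: anything else is counted as "special"

def mask(password):
    """Full per-character mask, e.g. 'Ab1!' -> '?u?l?d?s'."""
    return "".join(char_class(c) for c in password)

def structure(password):
    """Collapse runs: 'BlueParrot345' -> [('alpha', 10), ('digit', 3)]."""
    kinds = {"?l": "alpha", "?u": "alpha", "?d": "digit", "?s": "special"}
    runs = groupby(kinds[char_class(c)] for c in password)
    return [(kind, len(list(group))) for kind, group in runs]

def charset(password):
    """Classes used, in fixed order, e.g. '?l?u?d'."""
    used = {char_class(c) for c in password}
    return "".join(t for t in ("?l", "?u", "?d", "?s") if t in used)

def summarize(passwords):
    """Macro-pattern statistics for a group of passwords."""
    return {
        "lengths": Counter(len(p) for p in passwords),
        "charsets": Counter(charset(p) for p in passwords),
        "masks": Counter(mask(p) for p in passwords),
        "trailing_digits": Counter(
            structure(p)[-1][1] for p in passwords
            if structure(p)[-1][0] == "digit"),
    }

if __name__ == "__main__":
    for name, counts in summarize(SAMPLE).items():
        print(name, counts.most_common(3))
```

A group whose `charsets` counter never contains `?s`, or whose `trailing_digits` counter is dominated by one run length, shows the kind of shared structure the tips above describe.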