[[Custom Mask Plans]] US | Mask | Info | | ------------------------ | ------------------------------------ | | ?l?l?l?l?l?l | 6-Lowercase | | ?l?l?l?l?l?l?l | 7-Lowercase | | ?l?l?l?l?l?l?l?l | 8-Lowercase | | ?d?d?d?d?d?d | 6-Digits | | ?l?l?l?l?l?l?l?l?l?l?l?l | 12-Lowercase | | ?l?l?l?l?l?l?l?l?l | 9-Lowercase | | ?l?l?l?l?l?l?l?l?l?l | 10-Lowercase | | ?l?l?l?l?l | 5-Lowercase | | ?l?l?l?l?l?l?d?d?l?l?l?l | 6-Lowercase + 2-Digits + 4-Lowercase | | ?d?d?d?d?d?d?d?d?l?l?l?l | 8-Digits + 4-Lowercase | | ?l?l?l?l?l?d?d | 5-Lowercase + 2-Digits | | ?d?d?d?d?d?d?d?d | 8-Digits | | ?l?l?l?l?l?l?d?d | 6-Lowercase + 2-Digits | | ?l?l?l?l?l?l?l?l?d?d | 8-Lowercase + 2-Digits | ASIA ``` ?d?d?d?d?d?d?d?d 8-Digits ?d?d?d?d?d?d 6-Digits ?d?d?d?d?d?d?d 7-Digits ?d?d?d?d?d?d?d?d?d 9-Digits ?d?d?d?d?d?d?d?d?d?d 10-Digits ?l?l?l?l?l?l?l?l 8-Digits ?d?d?d?d?d?d?d?d?d?d?d 11-Digits ?l?l?l?l?l?l 6-Lowercase ?l?l?l?l?l?l?l?l?l 9-Lowercase ?l?l?l?l?l?l?l 7-Lowercase ?l?l?l?d?d?d?d?d?d 3-Lowercase + 6-Digits ?l?l?d?d?d?d?d?d 2-Lowercase + 6-Digits ?l?l?l?l?l?l?l?l?l?l 10-Lowercase ?d?d?d?d?d?d?d?d?d?d?d?d 12-Digits ``` These masks are derived from a password dump comprised of 2.7 billion records. These mask were able to recover 6% (162 Million) clear text passwords. These masks are best used against against weak password policy targets, or adjusted to conform to suspected password policy. These serve as an excellent base for general human pattern analysis. Many of these masks will seem deceptively simple, but it serves as a reminder that low hanging fruit is always present. Without even needing to apply labels to behaviors that contribute to poor passwords; Statistics show that a percentage of users will use weak or dangerous passwords that require the least amount of effort or creativity as possible. [[Home]]