Password Patterns – An Analysis

Published in: Technology

Transcript

  • 1. Password Patterns – An Analysis. Dr. Emin Islam Tatlı, Twitter: @eitatli, tatli@architectingsecurity.com, 25 April 2012
  • 2. Password Patterns – An Analysis: Overview
      1. Password Fiasco (leakage of more than 32 M plain text passwords)
      2. Password Analysis – Imperva
      3. Password Analysis – Password Patterns
      4. Conclusion
  • 3. Password Leakage: rockyou.com hacked (* Referenced from http://techcrunch.com)
  • 4. Password Leakage: rockyou.com plaintext passwords are online
  • 5. Password Patterns: FTC fines RockYou
  • 6. Password Analysis: Analysis of Imperva – Distribution
      • Consumer Password Worst Practices: http://www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdf
  • 7. Password Analysis: Analysis of Imperva – Key Findings
  • 8. Password Analysis: Analysis of Imperva – Common Passwords
  • 9. Password Patterns: Password Complexity. What about security of z6iFk#rdlr vs. TØpsecret. ???
      • z6iFk#rdlr: randomly generated
      • “TØpsecret.”: consists of certain patterns (e.g. dictionary word, ending with “.”)
  • 10. Password Patterns: The Analysis
      • Dual and Triple Concatenation of [:alpha:], [:digit:] and [:punct:] characters
      • Replacement of [:alpha:] => [:digit:] and [:punct:]
      • Special patterns
      • Frequency of the Symbols
  • 11. Password Patterns: [:alpha:], [:digit:] and [:punct:] characters
  • 12. Password Patterns: No Concatenation
  • 13. Password Patterns: Dual Concatenation
  • 14. Password Patterns: Dual Concatenation – cont.
  • 15. Password Patterns: Triple Concatenation
  • 16. Password Patterns: Replacement Pattern
  • 17. Password Patterns: Some Special Patterns
  • 18. Password Patterns: Frequency of the Symbols
  • 19. Password Patterns: Password Cracking – Methods
      • Brute-Force Attacks
      • Dictionary Attacks
  • 20. Password Patterns: Password Cracking – Tools – I
  • 21. Password Patterns: Password Cracking – Tools – II
  • 22. Password Patterns: The Results in Conclusion
      • The most commonly used dual concatenation of alpha-digit-punct characters is “alpha+digit” with 30%.
      • The most commonly used triple concatenation of alpha-digit-punct characters is “alpha+punct+digit” with 0.57%.
      • For the replacement pattern, replacing the letter i or l with the number “1” is the most commonly used pattern.
      • The most commonly used special character is . (point).
      • Password patterns might be the next generation of dictionary attacks.
      • Do not choose and use any password based on a common pattern.
  • 23. References
      • Password Patterns: http://www.architectingsecurity.com/2010/09/11/password-patterns/
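
A password-change check built on the patterns from slides 9, 10 and 22, as an added example that is not part of the original slides: it reduces a candidate password to its alpha/digit/punct structure and reports which of the common patterns it matches. The function names and the small wordlist are assumptions made for illustration.

```python
import itertools
import string

# Structures slide 22 reports as the most common dual and triple concatenations.
COMMON_STRUCTURES = {"alpha+digit", "alpha+punct+digit"}
# Constructed sample wordlist (assumption); a real check would load a dictionary.
SAMPLE_WORDS = {"michael", "topsecret", "password", "alice"}


def char_class(ch):
    """Map a character to alpha, digit, punct or other (ASCII punctuation only)."""
    if ch.isalpha():
        return "alpha"
    if ch.isdigit():
        return "digit"
    if ch in string.punctuation:
        return "punct"
    return "other"


def structure(password):
    """Collapse runs of the same class: 'alice.2012' -> 'alpha+punct+digit'."""
    return "+".join(k for k, _ in itertools.groupby(password, key=char_class))


def undo_one_replacement(password):
    """Yield lower-case variants with every '1' read back as 'i' or as 'l'."""
    lowered = password.lower()
    if "1" in lowered:
        yield lowered.replace("1", "i")
        yield lowered.replace("1", "l")


def pattern_findings(password, words=SAMPLE_WORDS):
    """Return the pattern names from the slides that this password matches."""
    findings = []
    shape = structure(password)
    if shape in COMMON_STRUCTURES:
        findings.append("common structure: " + shape)
    if password.endswith("."):
        findings.append("ends with '.'")
    for variant in undo_one_replacement(password):
        core = "".join(c for c in variant if c.isalpha())
        if core in words:
            findings.append("i/l -> 1 replacement of dictionary word: " + core)
            break
    return findings
```

An empty result means only that none of these listed patterns matched, not that the password is strong.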
