Here is an idea: why not use “words” that come from people themselves? It seems to me that a password like 647t1io4ZQ77F2n can only come from a generator, but something like SuperRainbowUnicorne88 could be used by someone as a nickname. On the other hand, it is known that some people use their name (and/or surname) plus year of birth as their password. Something like:
sarah98
x_terminator_x2001
andy1996
sadstranger
…
And many others. All of them are not invented by people. There is still a great rule that a good password is one that is difficult to remember. I think that when someone creates a login or a unique username, they spend the same amount of time on it as on creating a password. Therefore, why not use this “human” potential to create a dictionary?
For the test, 10 leaked lists were taken (all of them can be found on hashes.org). I took lists that were already cracked:
- 3H4rm0ny
- Bl1zz4rd.c0m.u4
- bullch40nl1n3.c0m
- Dh00l.txt
- FFGB34ch.txt
- Pr0j3c7 H3llf1r3.txt
- Pr0j3c7 Wh173f0x.txt
- R007k17.c0m.txt
- S7r47f0r.txt
- vegastripping.com.txt
As passwords, logins/usernames/nicknames were taken from the following sites:

| Name | Count |
|---|---|
| enjin | 4 156 091 |
| fanfiction.net | 6 889 524 |
| | 872 653 |
| roblox | 30 629 912 |
| tetrisfriends | 1 636 438 |
| | 7 358 502 |
| world_of_warcraft | 1 009 864 |
| vk.com | 7 891 524 |
| random_social | 153 500 497 |

Each of them was used as a plain dictionary. As a second type of test, best64.rule was applied to each of them (oclHashcat was used). To judge the “success” of the cracking, three popular dictionaries were selected for comparison: InsideProFull, MegaCracker and uniqpass (no rule-based attack was applied to them).
Testing
So let’s see how “usernames” succeed in this. In each table, the columns I, M and U show how many of the “passwords” are not shared between the username list and the corresponding dictionary:
I – InsideProFull
M – MegaCracker
U – uniqpass
3H4rm0ny.txt
Total count: 1492863
InsideProFull: 1100822
MegaCracker: 295345
uniqpass: 19816

List name: 3H4rm0ny.txt, wordlist

| Name | Found | I | M | U |
|---|---|---|---|---|
| enjin | 690 | 17 | 227 | 685 |
| fanfiction.net | 508 | 19 | 152 | 504 |
| | 2 | 0 | 0 | 0 |
| random_social | 133 | 0 | 31 | 0 |
| roblox | 7437 | 324 | 3188 | 7394 |
| tetrisfriends | 776 | 26 | 223 | 775 |
| | 91 | 5 | 55 | 89 |
| vk.com | 1 | 0 | 0 | 0 |
| world_of_warcraft | 5 | 1 | 1 | 4 |

List name: 3H4rm0ny.txt, best64.rule

| Name | Found | I | M | U |
|---|---|---|---|---|
| enjin | 42243 | 1459 | 14125 | 42183 |
| fanfiction.net | 45086 | 2650 | 14698 | 45018 |
| | 13881 | 1655 | 3157 | 13835 |
| random_social | 110060 | 2492 | 48322 | 109544 |
| roblox | 195481 | 9756 | 90266 | 195190 |
| tetrisfriends | 34441 | 1269 | 11041 | 34402 |
| | 15012 | 409 | 6091 | 14949 |
| vk.com | 35222 | 958 | 12025 | 35153 |
| world_of_warcraft | 10339 | 402 | 2323 | 10338 |

So without any rules, usernames alone can crack less than 0.1% of all the data. But when rules are used, the success rate is much better. Also, there are a lot of unique passwords that are not present in the dictionaries (InsidePro, uniqpass, megacracker).
Bl1zz4rd.c0m.u4
Total count: 14561
InsideProFull: 8964
MegaCracker: 7002
uniqpass: 1809

List name: Bl1zz4rd.c0m.u4, wordlist

| Name | Found | I | M | U |
|---|---|---|---|---|
| enjin | 95 | 0 | 1 | 7 |
| fanfiction.net | 105 | 0 | 1 | 7 |
| | 23 | 0 | 0 | 0 |
| random_social | 365 | 5 | 37 | 0 |
| roblox | 249 | 1 | 10 | 6 |
| tetrisfriends | 53 | 0 | 1 | 2 |
| | 0 | 0 | 0 | 0 |
| vk.com | 98 | 0 | 7 | 0 |
| world_of_warcraft | 21 | 0 | 1 | 5 |

List name: Bl1zz4rd.c0m.u4, best64.rule

| Name | Found | I | M | U |
|---|---|---|---|---|
| enjin | 262 | 3 | 20 | 30 |
| fanfiction.net | 268 | 2 | 17 | 28 |
| | 126 | 1 | 4 | 2 |
| random_social | 630 | 18 | 104 | 32 |
| roblox | 497 | 11 | 53 | 35 |
| tetrisfriends | 186 | 3 | 10 | 20 |
| | 180 | 2 | 15 | 17 |
| vk.com | 326 | 6 | 39 | 17 |
| world_of_warcraft | 86 | 3 | 13 | 19 |

Even with rules, “usernames” have bad luck with this list.
bullch40nl1n3.c0m.txt
Total count: 1009
InsideProFull: 430
MegaCracker: 375
uniqpass: 433

List name: bullch40nl1n3.c0m.txt, wordlist

| Name | Found | I | M | U |
|---|---|---|---|---|
| enjin | 39 | 0 | 0 | 0 |
| fanfiction.net | 34 | 0 | 0 | 0 |
| | 18 | 0 | 0 | 0 |
| random_social | 133 | 4 | 9 | 5 |
| roblox | 89 | 2 | 3 | 2 |
| tetrisfriends | 22 | 0 | 0 | 0 |
| | 1 | 1 | 1 | 1 |
| vk.com | 28 | 0 | 3 | 2 |
| world_of_warcraft | 14 | 0 | 0 | 0 |

List name: bullch40nl1n3.c0m.txt, best64.rule

| Name | Found | I | M | U |
|---|---|---|---|---|
| enjin | 101 | 6 | 7 | 6 |
| fanfiction.net | 97 | 6 | 8 | 6 |
| | 78 | 1 | 1 | 1 |
| random_social | 318 | 42 | 80 | 43 |
| roblox | 232 | 26 | 47 | 26 |
| tetrisfriends | 76 | 5 | 6 | 6 |
| | 86 | 5 | 6 | 4 |
| vk.com | 114 | 13 | 16 | 14 |
| world_of_warcraft | 31 | 3 | 2 | 2 |

Same as Bl1zz4rd.c0m.u4, but with rules the crack rate is up to 30%.
Dh00l.txt
Total count: 12002
InsideProFull: 6403
MegaCracker: 6252
uniqpass: 2868

List name: Dh00l.txt, wordlist

| Name | Found | I | M | U |
|---|---|---|---|---|
| enjin | 351 | 1 | 6 | 5 |
| fanfiction.net | 368 | 0 | 4 | 5 |
| | 184 | 0 | 1 | 0 |
| random_social | 938 | 11 | 69 | 16 |
| roblox | 644 | 3 | 22 | 7 |
| tetrisfriends | 279 | 0 | 2 | 3 |
| | 4 | 0 | 0 | 0 |
| vk.com | 373 | 2 | 13 | 4 |
| world_of_warcraft | 216 | 0 | 4 | 2 |

List name: Dh00l.txt, best64.rule

| Name | Found | I | M | U |
|---|---|---|---|---|
| enjin | 932 | 12 | 49 | 44 |
| fanfiction.net | 987 | 14 | 48 | 53 |
| | 655 | 10 | 27 | 20 |
| random_social | 1612 | 115 | 259 | 159 |
| roblox | 1418 | 72 | 163 | 109 |
| tetrisfriends | 794 | 16 | 46 | 38 |
| | 868 | 20 | 51 | 42 |
| vk.com | 1081 | 38 | 101 | 61 |
| world_of_warcraft | 603 | 13 | 32 | 26 |

FFGB34ch.txt
Total count: 133632
InsideProFull: 91396
MegaCracker: 80212
uniqpass: 87992

List name: FFGB34ch.txt, wordlist

| Name | Found | I | M | U |
|---|---|---|---|---|
| enjin | 12759 | 128 | 445 | 1443 |
| fanfiction.net | 16383 | 277 | 721 | 1778 |
| | 8164 | 95 | 158 | 50 |
| random_social | 37862 | 983 | 2497 | 970 |
| roblox | 42732 | 2369 | 4263 | 3011 |
| tetrisfriends | 15885 | 183 | 353 | 611 |
| | 242 | 31 | 44 | 39 |
| vk.com | 15079 | 176 | 449 | 190 |
| world_of_warcraft | 7544 | 36 | 181 | 668 |

List name: FFGB34ch.txt, best64.rule

| Name | Found | I | M | U |
|---|---|---|---|---|
| enjin | 46596 | 1681 | 3531 | 5031 |
| fanfiction.net | 55197 | 2708 | 5072 | 6483 |
| | 31116 | 918 | 1948 | 1897 |
| random_social | 75646 | 6812 | 12199 | 9677 |
| roblox | 85559 | 10191 | 16072 | 14423 |
| tetrisfriends | 51990 | 2350 | 4540 | 5799 |
| | 35777 | 1265 | 2536 | 3445 |
| vk.com | 49963 | 2561 | 4846 | 4193 |
| world_of_warcraft | 28878 | 704 | 1647 | 2778 |

Pretty awesome: with rules, most of the lists can crack up to 60% of this list. Even without best64, roblox usernames recover 31% of the hashes. Also, there are many passwords that are not present in the specialized dictionaries.
R007k17.c0m
Total count: 56805
InsideProFull: 53709
MegaCracker: 54487
uniqpass: 50090

List name: R007k17.c0m, wordlist

| Name | Found | I | M | U |
|---|---|---|---|---|
| enjin | 6757 | 0 | 23 | 421 |
| fanfiction.net | 5935 | 0 | 21 | 415 |
| | 4121 | 1 | 12 | 0 |
| random_social | 16397 | 1 | 26 | 1 |
| roblox | 11429 | 0 | 0 | 241 |
| tetrisfriends | 4766 | 0 | 0 | 155 |
| | 100 | 0 | 1 | 2 |
| vk.com | 7793 | 3 | 4 | 0 |
| world_of_warcraft | 4148 | 1 | 14 | 216 |

List name: R007k17.c0m, best64.rule

| Name | Found | I | M | U |
|---|---|---|---|---|
| enjin | 17466 | 2 | 32 | 986 |
| fanfiction.net | 17057 | 1 | 28 | 961 |
| | 12159 | 2 | 26 | 221 |
| random_social | 28028 | 6 | 32 | 905 |
| roblox | 25541 | 4 | 29 | 1226 |
| tetrisfriends | 14953 | 0 | 26 | 750 |
| | 12802 | 4 | 30 | 544 |
| vk.com | 18781 | 7 | 29 | 509 |
| world_of_warcraft | 11425 | 3 | 25 | 601 |

Most of the lists give a crack rate near 20%.
S7r47f0r.txt
Total count: 770093
InsideProFull: 64119
MegaCracker: 133714
uniqpass: 140342

List name: S7r47f0r.txt, wordlist

| Name | Found | I | M | U |
|---|---|---|---|---|
| enjin | 11370 | 108 | 130 | 1935 |
| fanfiction.net | 10978 | 107 | 140 | 2179 |
| | 7253 | 42 | 24 | 0 |
| random_social | 28777 | 926 | 569 | 0 |
| roblox | 22753 | 807 | 411 | 1352 |
| tetrisfriends | 9062 | 78 | 61 | 787 |
| | 212 | 24 | 9 | 22 |
| vk.com | 13026 | 143 | 118 | 0 |
| world_of_warcraft | 7381 | 22 | 41 | 1030 |

List name: S7r47f0r.txt, best64.rule

| Name | Found | I | M | U |
|---|---|---|---|---|
| enjin | 36304 | 1978 | 894 | 5127 |
| fanfiction.net | 36553 | 1974 | 901 | 5220 |
| | 24179 | 848 | 368 | 1012 |
| random_social | 56461 | 7745 | 2745 | 4474 |
| roblox | 54970 | 6838 | 2503 | 6447 |
| tetrisfriends | 32326 | 1480 | 700 | 3904 |
| | 24987 | 1035 | 491 | 2757 |
| vk.com | 37569 | 2640 | 1046 | 2281 |
| world_of_warcraft | 23774 | 948 | 449 | 3306 |

vegastripping.com.txt
Total count: 3940
InsideProFull: 3028
MegaCracker: 2852
uniqpass: 1595

List name: vegastripping.com.txt, wordlist

| Name | Found | I | M | U |
|---|---|---|---|---|
| enjin | 450 | 4 | 7 | 32 |
| fanfiction.net | 442 | 2 | 5 | 29 |
| | 254 | 2 | 3 | 2 |
| random_social | 804 | 10 | 25 | 9 |
| roblox | 677 | 12 | 26 | 23 |
| tetrisfriends | 358 | 2 | 3 | 10 |
| | 3 | 0 | 0 | 0 |
| vk.com | 457 | 0 | 3 | 1 |
| world_of_warcraft | 256 | 1 | 0 | 9 |

List name: vegastripping.com.txt, best64.rule

| Name | Found | I | M | U |
|---|---|---|---|---|
| enjin | 965 | 27 | 50 | 85 |
| fanfiction.net | 977 | 17 | 35 | 80 |
| | 724 | 15 | 18 | 29 |
| random_social | 1289 | 74 | 126 | 120 |
| roblox | 1324 | 82 | 140 | 152 |
| tetrisfriends | 920 | 22 | 39 | 73 |
| | 707 | 10 | 19 | 44 |
| vk.com | 980 | 35 | 61 | 65 |
| world_of_warcraft | 675 | 13 | 18 | 49 |

So is it possible to get good results in hash recovery by building dictionaries from usernames/logins and other information that can easily be collected from public sources? I think yes, because this information is generated by humans, not “machines”. Especially with good rules, one can get good results when cracking hashes.
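
Read from the defending side, these results argue for rejecting, at registration or password change, any password that simple mangling rules produce from the account's own username or nickname. The check below is an added example, not code from the original post: it implements a small subset of hashcat rule functions (`:`, `l`, `u`, `c`, `r`, `d`, `[`, `]`, `$X`, `^X`); `SIMPLE`, `RULES`, `year_rules` and `derived_from` are hypothetical names, and the rule set is constructed for illustration rather than taken from best64.rule.

```python
# Hashcat rule functions without arguments (subset chosen for this example).
SIMPLE = {
    ":": lambda w: w, "l": str.lower, "u": str.upper,
    "c": lambda w: w[:1].upper() + w[1:].lower(),   # capitalize
    "r": lambda w: w[::-1], "d": lambda w: w + w,   # reverse, duplicate
    "[": lambda w: w[1:], "]": lambda w: w[:-1],    # drop first / last char
}

def apply_rule(rule: str, word: str) -> str:
    """Apply one rule line: SIMPLE functions plus $X (append) and ^X (prepend)."""
    i = 0
    while i < len(rule):
        op = rule[i]
        if op in ("$", "^"):
            if i + 1 >= len(rule):
                raise ValueError(f"rule {rule!r}: {op} needs a character")
            word = word + rule[i + 1] if op == "$" else rule[i + 1] + word
            i += 1                      # skip the argument character
        elif op in SIMPLE:
            word = SIMPLE[op](word)
        elif op != " ":                 # spaces only separate functions
            raise ValueError(f"unsupported rule function {op!r}")
        i += 1
    return word

def year_rules(first=1950, last=2029):
    """Rules appending a 4- or 2-digit year, plain or after l / c."""
    rules = []
    for year in range(first, last + 1):
        for digits in (str(year), f"{year % 100:02d}"):
            suffix = " ".join("$" + d for d in digits)
            rules += [suffix, "l " + suffix, "c " + suffix]
    return rules

# Constructed rule set for illustration; NOT the contents of best64.rule.
RULES = [":", "l", "u", "c", "r", "d", "$1", "$1 $2 $3", "c $!"] + year_rules()

def derived_from(identifiers, password, rules=RULES):
    """Return (identifier, rule) if some rule maps an identifier to password."""
    for ident in identifiers:
        for rule in rules:
            if apply_rule(rule, ident) == password:
                return ident, rule
    return None

if __name__ == "__main__":
    # Constructed accounts using the password shapes quoted in the post.
    for user, pw in [("Andy", "andy1996"), ("sarah", "sarah98"), ("andy", "647t1io4ZQ77F2n")]:
        print(f"{user}: {pw!r} ->", derived_from([user], pw) or "not derived")
```

Pass every identifier the account exposes (login, display name, e-mail local part) as `identifiers`, and reject the password whenever the function returns a match.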