07-24-2016, 04:47 PM
(This post was last modified: 07-24-2016, 05:06 PM by Kgx Pnqvhm.)
The most recent article (2016) about this is "So, Just Why Is 18atcskd2w Such a Popular Password?" at:
http://www.tripwire.com/state-of-securit...-password/
One of the many articles discussing the Stratfor list, "Challenges with Evaluating Password Cracking Algorithms" at:
http://reusablesec.blogspot.com/2015/08/...sword.html
has the sentence: "A majority of the passwords in the Stratfor dataset were machine generated."
One method of detection is in "A list of flaws in the data set" where Mark Burnett writes about "Ten Million Passwords" he released:
"I have an algorithm in my Hurl script that looks for situations where both the username and password have abnormally high entropy and therefore likely both were computer-generated. The algorithm looks at many weighted criteria (such as both being exactly 8 characters long or containing only hex characters) and comes up with a score. I had the weight a littler lower than it should be to avoid false positives but that means there are still many passwords that were obviously not selected by humans."
http://www.tripwire.com/state-of-securit...-password/
One of the many articles discussing the Stratfor list, "Challenges with Evaluating Password Cracking Algorithms" at:
http://reusablesec.blogspot.com/2015/08/...sword.html
has the sentence: "A majority of the passwords in the Stratfor dataset were machine generated."
One method of detection is in "A list of flaws in the data set" where Mark Burnett writes about "Ten Million Passwords" he released:
"I have an algorithm in my Hurl script that looks for situations where both the username and password have abnormally high entropy and therefore likely both were computer-generated. The algorithm looks at many weighted criteria (such as both being exactly 8 characters long or containing only hex characters) and comes up with a score. I had the weight a littler lower than it should be to avoid false positives but that means there are still many passwords that were obviously not selected by humans."