Last active
November 29, 2020 22:22
-
-
Save roycewilliams/b1de2afbfe5cb71bea16c94042b9bbfc to your computer and use it in GitHub Desktop.
troyhunt-320M-SHA1-PACK-analysis.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PACK statsgen analysis of Troy Hunt's 320 million pwned password list | |
| # (As announced in https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/) | |
| # | |
| # Major components of this corpus are the antipublic and exploit.in leaks. | |
| # Also very likely to contain rockyou and linkedin, at a minimum. | |
| # | |
| # This analysis includes founds from the hashes included in Hunt's Update 1 from 2017-08-04 | |
| # (as downloaded from https://haveibeenpwned.com/Passwords) | |
| # This analysis does NOT yet include Update 2 from 2017-08-05 | |
| # | |
| # Currently based on 99.41% of plains found so far. | |
| # This will be updated periodically as more are discovered, but not frequently, | |
| # since PACK is single-threaded, and running it on 320M plains takes some time (~45m) | |
| # | |
| # Top 1000 masks here: https://gist.github.com/roycewilliams/f23b59e7b0fe47f71a74a92de66a1eb0 | |
| # | |
| # Analysis from statsgen in the PACK toolkit: https://thesprawl.org/projects/pack/#statsgen | |
| # My related HN reply: https://news.ycombinator.com/item?id=14933480 | |
| $ time statsgen -o found.statsgen found.unhex | |
| _ | |
| StatsGen 0.0.3 | | | |
| _ __ __ _ ___| | _ | |
| | '_ \ / _` |/ __| |/ / | |
| | |_) | (_| | (__| < | |
| | .__/ \__,_|\___|_|\_\ | |
| | | | |
| |_| iphelix@thesprawl.org | |
| [*] Analyzing passwords in [found.unhex] | |
| [*] Saving advanced masks and occurrences to [found.statsgen] | |
| [+] Analyzing 100% (318459715/318459715) of passwords | |
| NOTE: Statistics below is relative to the number of analyzed passwords, not total number of passwords | |
| [*] Length: | |
| [+] 8: 32% (102670925) | |
| [+] 10: 14% (45419409) | |
| [+] 9: 13% (41864213) | |
| [+] 7: 10% (33743580) | |
| [+] 6: 06% (20233414) | |
| [+] 11: 05% (18482116) | |
| [+] 12: 04% (14246210) | |
| [+] 15: 02% (8375249) | |
| [+] 13: 02% (8192973) | |
| [+] 14: 02% (6435303) | |
| [+] 16: 01% (4271653) | |
| [+] 5: 00% (3057252) | |
| [+] 32: 00% (1749342) | |
| [+] 18: 00% (1440687) | |
| [+] 17: 00% (1381886) | |
| [+] 20: 00% (1093644) | |
| [+] 19: 00% (834030) | |
| [+] 4: 00% (571228) | |
| [+] 22: 00% (543572) | |
| [+] 21: 00% (520538) | |
| [+] 24: 00% (429662) | |
| [+] 23: 00% (363550) | |
| [+] 26: 00% (296701) | |
| [+] 25: 00% (292186) | |
| [+] 28: 00% (247141) | |
| [+] 30: 00% (214302) | |
| [+] 27: 00% (207701) | |
| [+] 29: 00% (193722) | |
| [+] 34: 00% (185492) | |
| [+] 40: 00% (153949) | |
| [+] 31: 00% (147934) | |
| [+] 3: 00% (118542) | |
| [+] 33: 00% (109262) | |
| [+] 36: 00% (95078) | |
| [+] 35: 00% (90199) | |
| [+] 37: 00% (67871) | |
| [+] 38: 00% (66649) | |
| [+] 39: 00% (46231) | |
| [+] 2: 00% (6207) | |
| [+] 1: 00% (112) | |
| [*] Character-set: | |
| [+] loweralphanum: 47% (152647949) | |
| [+] loweralpha: 24% (78936901) | |
| [+] numeric: 08% (25957540) | |
| [+] mixedalphanum: 06% (21489484) | |
| [+] loweralphaspecialnum: 03% (9965460) | |
| [+] loweralphaspecial: 02% (7684997) | |
| [+] upperalphanum: 01% (5886828) | |
| [+] mixedalpha: 01% (5428911) | |
| [+] specialnum: 01% (4381297) | |
| [+] all: 00% (2047610) | |
| [+] upperalpha: 00% (1867518) | |
| [+] special: 00% (1010462) | |
| [+] mixedalphaspecial: 00% (613290) | |
| [+] upperalphaspecialnum: 00% (370020) | |
| [+] upperalphaspecial: 00% (171448) | |
| [*] Password complexity: | |
| [+] digit: min(0) max(40) | |
| [+] lower: min(0) max(40) | |
| [+] upper: min(0) max(40) | |
| [+] special: min(0) max(40) | |
| [*] Simple Masks: | |
| [+] stringdigit: 35% (112165160) | |
| [+] string: 27% (86233330) | |
| [+] othermask: 09% (31385041) | |
| [+] digit: 08% (25957540) | |
| [+] digitstring: 07% (22439352) | |
| [+] stringdigitstring: 05% (17308884) | |
| [+] digitstringdigit: 01% (5454105) | |
| [+] stringspecialstring: 01% (4332024) | |
| [+] stringspecialdigit: 01% (3315227) | |
| [+] stringspecial: 00% (2095580) | |
| [+] stringdigitspecial: 00% (1596877) | |
| [+] digitspecial: 00% (1577319) | |
| [+] specialdigit: 00% (1534253) | |
| [+] special: 00% (1010462) | |
| [+] digitspecialdigit: 00% (435056) | |
| [+] digitspecialstring: 00% (347220) | |
| [+] specialstring: 00% (277089) | |
| [+] digitstringspecial: 00% (236085) | |
| [+] specialdigitspecial: 00% (233575) | |
| [+] specialstringdigit: 00% (218223) | |
| [+] specialstringspecial: 00% (208410) | |
| [+] specialdigitstring: 00% (98903) | |
| [*] Advanced Masks: | |
| [+] ?l?l?l?l?l?l?l?l: 15% (47846002) | |
| [+] ?l?l?l?l?l?l?d?d: 02% (7011835) | |
| [+] ?d?d?d?d?d?d?d?d: 01% (6212778) | |
| [+] ?l?l?l?l?l?l?l?l?l?l: 01% (6035813) | |
| [+] ?l?l?l?l?l?l?l?l?l: 01% (5388770) | |
| [+] ?l?l?l?l?l?l?l?d?d: 01% (5181360) | |
| [+] ?l?l?l?l?l?l?l?l?d?d: 01% (5138760) | |
| [+] ?l?l?l?l?l?l?l: 01% (4998965) | |
| [+] ?d?d?d?d?d?d?d: 01% (4798329) | |
| [+] ?l?l?l?l?d?d?d?d: 01% (4798320) | |
| [+] ?d?d?d?d?d?d?d?d?d?d: 01% (4754402) | |
| [+] ?l?l?l?l?l?l?d?d?d?d: 01% (4383442) | |
| [+] ?l?l?l?l?l?l: 01% (4159282) | |
| [+] ?l?l?l?l?l?d?d?d?d: 01% (4018910) | |
| [+] ?l?l?l?l?l?l?d?d?d: 01% (3616179) | |
| [+] ?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d: 01% (3483618) | |
| [+] ?l?l?l?l?l?l?l?d: 01% (3472511) | |
| [+] ?l?l?l?l?l?d?d: 01% (3232554) | |
| real 43m56.256s | |
| user 43m51.648s | |
| sys 0m3.460s |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment