Password pattern analysis, measuring password strength from CSDN leaked passwords
Inducement of this problem:
"On 21st, Dec, 2011, Account information for more than 6 millions registered users of online community Chinese Software Developer Network (CSDN.net) has reportedly been leaked online. Industry sources today added that account information has also been leaked for 8 millions and 20 millions users, respectively, of the 7k7k and 178.com gaming websites. CSDN has confirmed the news, saying the leaked information is from a 2009 backup of the site's database, although the exact cause for the leak has yet to be determined. Online sources say that the leaks were deliberate and users of Chinese SNS sites Renren and Kaixin001, the Tianya online community and matchmaking sites Jiayuan.com and Baihe.com will be the next targets (these website are just involved in rumors now, no password package from them are leaked) ". (on 25th, Dec, 2011, the data from Tianya online community having already being leaked and I have downloaded the package also ensure that username-password are effective most --from author)
Text-based passwords is still and will remain the most significant authentication method in an expected long time for computer systems, especially the social network systems (SNS) are keeping their usernames and passwords in the database. The most recent example of data breaches involving large numbers of hashed passwords happened in China is the CSDN Password-Scandal, which involves more then 6 millions users' passwords being leaked. This threat is so real that once these passwords have been cracked, they can be used to gain access not only to the original site, but also to other accounts where users have reused their passwords. This is an important consideration because studies indicate that password reuse (exactly and with minor variations) is a common and growing practice as users acquire more online accounts....
Please join StudyMode to read the full document