Added mystery high entropy list

This commit is contained in:
Ata 2020-06-29 11:20:30 +03:00
parent 20692144ff
commit a2353d6a16
2 changed files with 39599 additions and 0 deletions


@ -6,6 +6,29 @@ Leaving the 20 year old stuff of red team behind. Stuff works fine, and no one b
## Included dumps
You can check the status.txt in this repository to keep track of included dumps.
---
## Mystery List of 40k high entropy passwords
During my research, i've noticed a handful high entropy passwords (10 characters, uppercase-lowercase-digit) that were being reused.
These passwords had really low occurrance rates, but it was still a lot more than i was expecting.
**Some noticable stuff about these:**
- They all start and end with uppercase characters
- None of them seem to have a keyboard pattern or meaningful word in them.
- They are all 10 characters long.
- Some of them occurred up to 1 per 100 million credentials (meaning i have around 10 reuses of it currently)
- Most recent occurrence for these: 86 of these were found in a 55623 credentials from a leak in june 2020
I've filtered passwords which are 10 character long, and matches `(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=^[A-Z][A-Za-z0-9]+[A-Z]$)(?!.*[a-z]{3})(?!.*[A
-Z]{3})` which had an occurrence rating of less than 1.2 per 100 million.
I've released this list of 39576 passwords in mystery-list.txt under this repository.
I have no idea what this uncovers and what it implies, but i'm suspecting a password manager out there is creating passwords with low entropy, causing repetations over a lot of users. All the ideas about this are welcome and appreciated.
---
## Curious about a statistic?
Please create an issue and explain what you want to learn, and if its interesting i'll query the thing and add the result!
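Review bot: The first two bullets under "Some noticable stuff about these" (uppercase at both ends, no meaningful word) are properties the quoted filter selects for, so as written they read as findings when they are partly selection effects. `(?=^[A-Z][A-Za-z0-9]+[A-Z]$)` forces the uppercase first and last character, and `(?!.*[a-z]{3})(?!.*[A-Z]{3})` rejects any run of three same-case letters, which removes most dictionary words. Suggest moving the filter paragraph above the bullet list and saying which traits were observed before filtering. The rates ("1 per 100 million", "less than 1.2 per 100 million") also need the total credential count they are computed against; "around 10 reuses" only implies it. The section title says "high entropy" while the last paragraph suspects a generator "with low entropy", so one sentence separating how the strings look from how they were likely produced would help. Spelling: "noticable", "occurrance", "repetations".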

39576
mystery-list.txt Normal file

File diff suppressed because it is too large