Differences

This shows you the differences between two versions of the page.

Link to this comparison view

people:solar:unique-password-count [2013/07/23 04:51]
solar added a link "back"
people:solar:unique-password-count [2014/06/23 09:21] (current)
solar added "Adobe leak"
Line 87: Line 87:
  
 A flaw of this approach: the world is not a service like RockYou. ​ Presumably, most people who let RockYou have a password of theirs did so for only one or a few of their passwords, for specific services. ​ Those same people generally also have other password-protected resources, and on at least some of those they might reuse the same passwords. ​ Thus, if we analyzed the full set of {resource, password} combinations of those same people, we'd likely see more duplicate passwords, and would extrapolate to fewer unique passwords in the world. ​ Another way to look at this, though, is that we might be estimating the number of unique passwords in use by a certain number of people (our "​total"​) rather than among a certain number of {resource, password} combinations. A flaw of this approach: the world is not a service like RockYou. ​ Presumably, most people who let RockYou have a password of theirs did so for only one or a few of their passwords, for specific services. ​ Those same people generally also have other password-protected resources, and on at least some of those they might reuse the same passwords. ​ Thus, if we analyzed the full set of {resource, password} combinations of those same people, we'd likely see more duplicate passwords, and would extrapolate to fewer unique passwords in the world. ​ Another way to look at this, though, is that we might be estimating the number of unique passwords in use by a certain number of people (our "​total"​) rather than among a certain number of {resource, password} combinations.
 +
 +===== Adobe leak =====
 +
 +The above analysis was based on the RockYou leak.  In the ECB mode encrypted passwords leak from Adobe that occurred later, there are about 130 million passwords total, 56 million unique (the exact passwords aren't always known to us, but ECB mode lets us figure out how many are unique anyway). ​ Extrapolation from RockYou using the formulas above gives 47 million to 52 million unique, so Adobe'​s 56 million suggests that their users' passwords are slightly better in this respect.
  
 ===== Perl script ===== ===== Perl script =====
people/solar/unique-password-count.txt ยท Last modified: 2014/06/23 09:21 by solar
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Donate to DokuWiki Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki Powered by OpenVZ Powered by Openwall GNU/*/Linux