{"id":849,"date":"2009-02-13T20:33:17","date_gmt":"2009-02-13T19:33:17","guid":{"rendered":"http:\/\/www.mitternachtshacking.de\/blog\/849-phpbb-password-analysis"},"modified":"2009-03-01T21:42:27","modified_gmt":"2009-03-01T20:42:27","slug":"phpbb-password-analysis","status":"publish","type":"post","link":"https:\/\/www.mitternachtshacking.de\/blog\/849-phpbb-password-analysis","title":{"rendered":"PHPBB Password Analysis"},"content":{"rendered":"<p>As <a href=\"http:\/\/www.heise.de\/security\/Einbruch-in-Webseite-von-Boardsoftware-phpBB--\/news\/meldung\/126929\">reported in the media<\/a>, the website <a href=\"http:\/\/www.phpbb.com\/\">phpbb.com<\/a> was recently hacked. The attackers gained access to all password hashes and analyzed them:<\/p>\n<p>The top 20 list of passwords used:<\/p>\n<ul>\n<li>3.03% &#8222;123456&#8220;<\/li>\n<li>2.13% &#8222;password&#8220;<\/li>\n<li>1.45% &#8222;phpbb&#8220;<\/li>\n<li>0.91% &#8222;qwerty&#8220;<\/li>\n<li>0.82% &#8222;12345&#8220;<\/li>\n<li>0.59% &#8222;12345678&#8220;<\/li>\n<li>0.58% &#8222;letmein&#8220;<\/li>\n<li>0.53% &#8222;1234&#8220;<\/li>\n<li>0.50% &#8222;test&#8220;<\/li>\n<li>0.43% &#8222;123&#8220;<\/li>\n<li>0.36% &#8222;trustno1&#8220;<\/li>\n<li>0.33% &#8222;dragon&#8220;<\/li>\n<li>0.31% &#8222;abc123&#8220;<\/li>\n<li>0.31% &#8222;123456789&#8220;<\/li>\n<li>0.31% &#8222;111111&#8220;<\/li>\n<li>0.30% &#8222;hello&#8220;<\/li>\n<li>0.30% &#8222;monkey&#8220;<\/li>\n<li>0.28% &#8222;master&#8220;<\/li>\n<li>0.22% &#8222;killer&#8220;<\/li>\n<li>0.22% &#8222;123123&#8220;<\/li>\n<\/ul>\n<p>The password lengths are distributed as follows:<\/p>\n<ul>\n<li>1 character 0.34%<\/li>\n<li>2 characters 0.54%<\/li>\n<li>3 characters 2.92%<\/li>\n<li>4 characters 12.29%<\/li>\n<li>5 characters 13.29%<\/li>\n<li>6 characters 35.16%<\/li>\n<li>7 characters 14.60%<\/li>\n<li>8 characters 15.50%<\/li>\n<li>9 characters 3.81%<\/li>\n<li>10 characters 
1.14%<\/li>\n<li>11 characters 0.22%<\/li>\n<\/ul>\n<p>And further statistics:<\/p>\n<ul>\n<li>16% of passwords matched a person&#8217;s first name<\/li>\n<li>14% of passwords were patterns on the keyboard<\/li>\n<li>5% of passwords are pop-culture references<\/li>\n<li>4% are variations of the word &#8222;password&#8220;<\/li>\n<li>4% of passwords appear to reference things nearby<\/li>\n<li>3% of passwords are &#8222;emo&#8220; words<\/li>\n<li>3% are &#8222;don&#8217;t care&#8220; words<\/li>\n<li>1.3% are passwords people saw in movies\/TV<\/li>\n<li>1% are sports related<\/li>\n<\/ul>\n<p>One ought to be a psychologist. Or, no, better not. \ud83d\ude42<\/p>\n<p><a href=\"http:\/\/www.darkreading.com\/blog\/archives\/2009\/02\/phpbb_password.html\">More on this at DarkReading<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As reported in the media, the website phpbb.com was recently hacked. The attackers gained access to all password hashes and analyzed them: The top 20 list of passwords used: 3.03% &#8222;123456&#8220; 2.13% &#8222;password&#8220; 1.45% &#8222;phpbb&#8220; 0.91% &#8222;qwerty&#8220; 0.82% &#8222;12345&#8220; 0.59% &#8222;12345678&#8220; 0.58% &#8222;letmein&#8220; 0.53% &#8222;1234&#8220; 0.50% &#8222;test&#8220; 0.43% &#8222;123&#8220; 0.36% &#8222;trustno1&#8220; 0.33% &#8222;dragon&#8220; 0.31% &#8222;abc123&#8220; 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[8,6],"tags":[],"_links":{"self":[{"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/posts\/849"}],"collection":[{"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/comments?post=849"}],"version-history":[{"count":0,"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/posts\/849\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/media?parent=849"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/categories?post=849"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/tags?post=849"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}