Hello folks 🙂

A few days after the last post about the LinkedIn password leak and the quick analysis of the passwords I recovered, a friend of mine gave me a link to the eHarmony password archive. This archive contains 1513836 MD5 hashes. I had a very big surprise with this dump because when I started to work on it, I quickly noticed that all passwords were uppercased… Thanks eHarmony! As a reminder, the number of combinations for a password of length N made from a charset of C different characters is C^N. Here, the « standard » charset [A-Za-z0-9] (26+26+10=62 chars) becomes [A-Z0-9] (26+10=32, nearly half the previous charset).

Why did they uppercase their passwords? It's simple: they noticed that some people capitalized their passwords and forgot which letters they had capitalized, so… they uppercased the passwords to make them case-insensitive. Yes, this and the unsalted MD5 resulted in an epic failure (or an epic win, depending on which side you are on).
It took less than one hour with good word lists and some hashcat rules (uppercase everything) to recover 1192230 passwords (approx. 79% of the dump). Like last time, I ran pipal over it. This tool is just awesome (but it took more than one hour to get those results; is this normal behaviour? It took ~2h30 on the LinkedIn dump).
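
An added example (not code from the original post): a Python sketch of the storage scheme described above, uppercase then unsalted MD5, next to a salted, case-preserving alternative, showing how many spellings and accounts collapse onto one stored value. The function names, the sample accounts and the PBKDF2 iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import itertools
import os

def legacy_hash(password):
    """Scheme described in the post: uppercase the password, then unsalted MD5."""
    return hashlib.md5(password.upper().encode("utf-8")).hexdigest()

def case_variants(word):
    """Every upper/lower-case spelling of `word` (digits have one spelling)."""
    choices = [{c.lower(), c.upper()} for c in word]
    return {"".join(combo) for combo in itertools.product(*choices)}

def collapsed_variants(password):
    """Return (distinct spellings, distinct legacy hashes) for one password."""
    variants = case_variants(password)
    return len(variants), len({legacy_hash(v) for v in variants})

ITERATIONS = 600_000  # assumed work factor, tune for your hardware

def hardened_hash(password, salt=None):
    """Case-preserving PBKDF2-HMAC-SHA256 with a random per-user salt."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def hardened_verify(password, salt, stored):
    """Constant-time comparison against the stored digest."""
    return hmac.compare_digest(hardened_hash(password, salt)[1], stored)

# Constructed sample accounts, not taken from the dump.
USERS = {"alice": "Sunshine7", "bob": "sunshine7", "carol": "SUNSHINE7"}

def distinct_records(hasher):
    """How many different stored values the sample accounts produce."""
    return len({hasher(pw) for pw in USERS.values()})

if __name__ == "__main__":
    print("spellings, legacy hashes:", collapsed_variants("Password1"))
    print("legacy records:", distinct_records(legacy_hash))
    print("hardened records:", distinct_records(hardened_hash))
```

With the legacy scheme every spelling of a password and every account that shares it end up as the same stored hash; with a per-user salt each account gets its own record and a wrong-case guess no longer verifies.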

Here are the results:


Total entries = 1192229
Total unique entries = 1192195

Top 10 passwords
FREETOBEME = 2 (0.0%)
LIS95129 = 2 (0.0%)
KER82154 = 2 (0.0%)
KER11681 = 2 (0.0%)
KES01890 = 2 (0.0%)
KEV9139 = 2 (0.0%)
KEP4378 = 2 (0.0%)
KEY0917 = 2 (0.0%)
KEV2205 = 2 (0.0%)
KEV8894 = 2 (0.0%)

Top 10 base words
lisa = 262 (0.02%)
chris = 230 (0.02%)
eharmony = 203 (0.02%)
tina = 200 (0.02%)
eric = 193 (0.02%)
usmc = 174 (0.01%)
mike = 171 (0.01%)
nana = 167 (0.01%)
mama = 165 (0.01%)
emma = 163 (0.01%)

Password length (length ordered)
2 = 2 (0.0%)
3 = 2 (0.0%)
4 = 2 (0.0%)
5 = 46627 (3.91%)
6 = 253345 (21.25%)
7 = 279886 (23.48%)
8 = 251626 (21.11%)
9 = 161057 (13.51%)
10 = 113087 (9.49%)
11 = 44446 (3.73%)
12 = 24147 (2.03%)
13 = 11239 (0.94%)
14 = 6361 (0.53%)
15 = 416 (0.03%)

Password length (count ordered)
7 = 279886 (23.48%)
6 = 253345 (21.25%)
8 = 251626 (21.11%)
9 = 161057 (13.51%)
10 = 113087 (9.49%)
5 = 46627 (3.91%)
11 = 44446 (3.73%)
12 = 24147 (2.03%)
13 = 11239 (0.94%)
14 = 6361 (0.53%)
15 = 416 (0.03%)
4 = 2 (0.0%)
3 = 2 (0.0%)
2 = 2 (0.0%)

       |
      |||
      |||
      |||
      |||
      |||
      ||||
      ||||
      ||||
      |||||
      |||||
      |||||
      |||||
     |||||||
     ||||||||
||||||||||||||||
0000000000111111
0123456789012345

One to six characters = 299973 (25.16%)
One to eight characters = 831483 (69.74%)
More than eight characters = 360746 (30.26%)

Only lowercase alpha = 0 (0.0%)
Only uppercase alpha = 460433 (38.62%)
Only alpha = 460433 (38.62%)
Only numeric = 18752 (1.57%)

First capital last symbol = 153 (0.01%)
First capital last number = 547462 (45.92%)

Months
january = 28 (0.0%)
february = 7 (0.0%)
march = 203 (0.02%)
april = 266 (0.02%)
may = 2512 (0.21%)
june = 409 (0.03%)
july = 251 (0.02%)
august = 88 (0.01%)
september = 14 (0.0%)
october = 43 (0.0%)
november = 53 (0.0%)
december = 34 (0.0%)

Days
monday = 27 (0.0%)
tuesday = 9 (0.0%)
wednesday = 2 (0.0%)
thursday = 4 (0.0%)
friday = 35 (0.0%)
saturday = 5 (0.0%)
sunday = 25 (0.0%)

Months (Abreviated)
jan = 3193 (0.27%)
feb = 540 (0.05%)
mar = 10944 (0.92%)
apr = 833 (0.07%)
may = 2512 (0.21%)
jun = 1546 (0.13%)
jul = 1343 (0.11%)
aug = 976 (0.08%)
sept = 155 (0.01%)
oct = 716 (0.06%)
nov = 1163 (0.1%)
dec = 1059 (0.09%)

Days (Abreviated)
mon = 9141 (0.77%)
tues = 22 (0.0%)
wed = 336 (0.03%)
thurs = 13 (0.0%)
fri = 995 (0.08%)
sat = 1011 (0.08%)
sun = 2020 (0.17%)

Includes years
1975 = 686 (0.06%)
1976 = 690 (0.06%)
1977 = 697 (0.06%)
1978 = 760 (0.06%)
1979 = 719 (0.06%)
1980 = 883 (0.07%)
1981 = 778 (0.07%)
1982 = 795 (0.07%)
1983 = 791 (0.07%)
1984 = 912 (0.08%)
1985 = 793 (0.07%)
1986 = 784 (0.07%)
1987 = 769 (0.06%)
1988 = 624 (0.05%)
1989 = 696 (0.06%)
1990 = 508 (0.04%)
1991 = 459 (0.04%)
1992 = 358 (0.03%)
1993 = 300 (0.03%)
1994 = 321 (0.03%)
1995 = 379 (0.03%)
1996 = 345 (0.03%)
1997 = 337 (0.03%)
1998 = 452 (0.04%)
1999 = 501 (0.04%)
2000 = 1543 (0.13%)
2001 = 884 (0.07%)
2002 = 837 (0.07%)
2003 = 887 (0.07%)
2004 = 955 (0.08%)
2005 = 1160 (0.1%)
2006 = 1300 (0.11%)
2007 = 1382 (0.12%)
2008 = 1497 (0.13%)
2009 = 1490 (0.12%)
2010 = 1007 (0.08%)
2011 = 231 (0.02%)
2012 = 260 (0.02%)
2013 = 101 (0.01%)
2014 = 64 (0.01%)
2015 = 68 (0.01%)
2016 = 58 (0.0%)
2017 = 59 (0.0%)
2018 = 63 (0.01%)
2019 = 122 (0.01%)
2020 = 486 (0.04%)

Years (Top 10)
2000 = 1543 (0.13%)
2008 = 1497 (0.13%)
2009 = 1490 (0.12%)
2007 = 1382 (0.12%)
2006 = 1300 (0.11%)
2005 = 1160 (0.1%)
2010 = 1007 (0.08%)
2004 = 955 (0.08%)
1984 = 912 (0.08%)
2003 = 887 (0.07%)

Single digit on the end = 113397 (9.51%)
Two digits on the end = 158751 (13.32%)
Three digits on the end = 81685 (6.85%)

Last number
0 = 52104 (4.37%)
1 = 107445 (9.01%)
2 = 63803 (5.35%)
3 = 63606 (5.34%)
4 = 48970 (4.11%)
5 = 50668 (4.25%)
6 = 45781 (3.84%)
7 = 52670 (4.42%)
8 = 46362 (3.89%)
9 = 51939 (4.36%)

 |
 |
 |
 |
 |
 |
 |||
 |||
|||||| | |
||||||||||
||||||||||
||||||||||
||||||||||
||||||||||
||||||||||
||||||||||
0123456789

Last digit
1 = 107445 (9.01%)
2 = 63803 (5.35%)
3 = 63606 (5.34%)
7 = 52670 (4.42%)
0 = 52104 (4.37%)
9 = 51939 (4.36%)
5 = 50668 (4.25%)
4 = 48970 (4.11%)
8 = 46362 (3.89%)
6 = 45781 (3.84%)

Last 2 digits (Top 10)
23 = 16351 (1.37%)
12 = 12668 (1.06%)
11 = 12095 (1.01%)
01 = 11615 (0.97%)
00 = 10183 (0.85%)
21 = 9299 (0.78%)
22 = 9088 (0.76%)
69 = 9004 (0.76%)
13 = 8837 (0.74%)
10 = 8699 (0.73%)

Last 3 digits (Top 10)
123 = 9089 (0.76%)
007 = 2923 (0.25%)
000 = 2788 (0.23%)
234 = 2555 (0.21%)
009 = 1828 (0.15%)
777 = 1827 (0.15%)
001 = 1819 (0.15%)
101 = 1803 (0.15%)
008 = 1759 (0.15%)
420 = 1710 (0.14%)

Last 4 digits (Top 10)
1234 = 2048 (0.17%)
2009 = 1340 (0.11%)
2008 = 1337 (0.11%)
2000 = 1245 (0.1%)
2007 = 1223 (0.1%)
2006 = 1130 (0.09%)
2005 = 1009 (0.08%)
2345 = 941 (0.08%)
2010 = 864 (0.07%)
2004 = 827 (0.07%)

Last 5 digits (Top 10)
12345 = 816 (0.07%)
23456 = 451 (0.04%)
54321 = 160 (0.01%)
55555 = 133 (0.01%)
11111 = 122 (0.01%)
56789 = 117 (0.01%)
77777 = 103 (0.01%)
00000 = 92 (0.01%)
96969 = 66 (0.01%)
34567 = 66 (0.01%)

Character sets
upperalphanum: 711909 (59.71%)
upperalpha: 460433 (38.62%)
numeric: 18752 (1.57%)
upperalphaspecialnum: 530 (0.04%)
upperalphaspecial: 477 (0.04%)
specialnum: 66 (0.01%)

Character set ordering
stringdigit: 528785 (44.35%)
allstring: 460433 (38.62%)
digitstring: 68689 (5.76%)
stringdigitstring: 65481 (5.49%)
othermask: 33797 (2.83%)
alldigit: 18752 (1.57%)
digitstringdigit: 15565 (1.31%)
stringspecialstring: 362 (0.03%)
stringspecialdigit: 269 (0.02%)
stringspecial: 87 (0.01%)
specialstringspecial: 5 (0.0%)
specialstring: 4 (0.0%)

Hashcat masks (Top 10)
?u?u?u?u?u?u?u?u: 121805 (10.22%)
?u?u?u?u?u?u: 101111 (8.48%)
?u?u?u?u?u?u?u: 88475 (7.42%)
?u?u?u?u?u?u?u?u?u: 60990 (5.12%)
?u?u?u?d?d?d?d: 52693 (4.42%)
?u?u?u?u?d?d: 38724 (3.25%)
?u?u?u?u?u?d?d: 32912 (2.76%)
?u?u?u?u?u?u?u?u?u?u: 32415 (2.72%)
?u?u?d?d?d?d: 30207 (2.53%)
?u?u?u?u?d?d?d?d: 28667 (2.4%)
