Sunday, April 1, 2012

Analysis Of Leaked MilitarySingles.org Passwords

This time I take a look at an interesting leak: MilitarySingles.org. They are operated by ESingles Inc. and they claimed that they had not been hacked by the notorious LulzSec hacker group. They assured their customers that the site had not been hacked and they claimed that "All user passwords in our database are encrypted and secure.". The rest of the story can be seen at databreaches.net.

It turns out that the passwords, despite what ESingles said, was not encrypted nor secure. They are unsalted MD5 hashes and combined with a weak password policy, almost all of the hashes were cracked within a few minutes.

A total of 163.792 hashes were leaked and 151.791 (92.2%) of them were cracked in 9 hours.

The Results

Length distribution
 
Average password length: 7,427

Character distribution
 

Unique character distribution


Contained in common wordlists
 

Contained in IQ wordlist (Click here for more info)


Top 30 most common passwords

Password Frequency
123456 763
password 415
iloveyou 177
military 165
sunshine 152
princess 146
ranger 131
marines 128
michael 118
12345678 118
love 113
marine 110
123456789 110
jennifer 109
tigger 100
loveme 99
freedom 98
michelle 97
ashley 97
justin 95
single 94
jessica 94
airborne 93
fuckyou 93
nicole 89
football 87
1234 82
matthew 81
monkey 81

Top 30 longest passwords

Password Length
chocolatemint12 15
iloveallmy4kids 15
Septembergirl13 15
restoration2010 15
alwayslovingyou 15
salveregina1988 15
plastickitten58 15
123456789101112 15
screamingeagles 15
whiskeygirl2012 15
pharmaceuticals 15
philippines2012 15
catherine102484 15
airforcegirl711 15
loveme163456123 15
schoolofrock123 15
hannahjones1989 15
youllneverguess 15
ctxcolormonitor 15
flexiblecouch10 15
1cutestrawberry 15
destinyschild20 15
coloradosprings 15
rockfordfosgate 15
americansingles 15
danielradcliffe 15
kimberly1234567 15
Fuckyourself007 15
POPOCATEPEL1978 15

Bonus: Virtualization of the common passwords

1 comment:

Anonymous said...

Ha lol ... great post ... In da face

Post a Comment