Shmoocon Stratfor Password Analysis

Chris Truncer presented an interesting analysis of the Stratfor password dump at Shmoocon. When Strategic Forecasting Inc (Stratfor) was hacked, the hacktivist group Anonymous released hundreds of thousands of users' accounts, including user names, credit card numbers and hashed versions of the users' passwords.

At the recent Shmoocon security conference (video above), Chris Truncer presented a short analysis of this password dump. Using oclhashcat-plus, Chris was able to crack about 70% of the password hashes that were publicly released. He then analyzed the cracked passwords with the password analysis program Pipal, which searches password lists and returns several statistics, such as the most used passwords and character use percentages.

Though the top ten passwords used didn’t seem to match the top passwords from last year, it is interesting to note that when users received a password from Stratfor, apparently many never changed it, or worse, many changed it to something less secure.
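To make the kind of report described above concrete, here is an added example (not Pipal's code and not from the talk) that computes similar statistics for a password audit: most used passwords, length distribution and character-set percentages. The function names and the sample list are assumptions made for illustration; the list is constructed and is not data from the Stratfor dump.

```ruby
# Added example: Pipal-style statistics over a list of audited passwords.
# SAMPLE is constructed for illustration; it is not data from any real dump.
SAMPLE = %w[
  password 123456 stratfor password Summer2011 123456 qwerty
  password letmein abc123 P@ssw0rd! 11111111 monkey
].freeze

# Count occurrences of each item (works on Ruby versions without Enumerable#tally).
def count_items(items)
  items.each_with_object(Hash.new(0)) { |item, h| h[item] += 1 }
end

# Label a password by the character sets it draws from, e.g. "lower+digit".
def charset_of(pw)
  return 'empty' if pw.empty?
  classes = []
  classes << 'lower'   if pw.match?(/[a-z]/)
  classes << 'upper'   if pw.match?(/[A-Z]/)
  classes << 'digit'   if pw.match?(/[0-9]/)
  classes << 'special' if pw.match?(/[^a-zA-Z0-9]/)
  classes.join('+')
end

def percent(count, total)
  (100.0 * count / total).round(1)
end

# Returns totals, the top_n most used passwords as [password, count, percent],
# a length histogram, and the percentage of passwords per character-set label.
def analyze(passwords, top_n = 3)
  total = passwords.size
  return { total: 0, unique: 0, top: [], lengths: {}, charsets: {} } if total.zero?
  counts = count_items(passwords)
  top = counts.sort_by { |pw, n| [-n, pw] }.first(top_n)
              .map { |pw, n| [pw, n, percent(n, total)] }
  lengths = count_items(passwords.map(&:length)).sort.to_h
  charsets = count_items(passwords.map { |pw| charset_of(pw) })
             .transform_values { |n| percent(n, total) }
  { total: total, unique: counts.size, top: top, lengths: lengths, charsets: charsets }
end

if __FILE__ == $PROGRAM_NAME
  report = analyze(SAMPLE)
  puts "Total: #{report[:total]}, unique: #{report[:unique]}"
  report[:top].each { |pw, n, pct| puts format('%-12s %3d  %5.1f%%', pw, n, pct) }
  report[:lengths].each { |len, n| puts "length #{len}: #{n}" }
  report[:charsets].each { |set, pct| puts format('%-28s %5.1f%%', set, pct) }
end
```

A high share of single-character-set passwords or a heavily repeated top entry in such a report is the signal a password policy review would act on.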

