Journal jcuervo's Journal: Bad password - it is based on a dictionary word 2
I rewrote the crack program I wrote for work to use a precompiled MySQL database of dictionary words and their Digest::MD5::md5_base64().
It's kind of neat, how you can guess at what kind of person someone is by their password. Since there're no restrictions on passwords (IOW, no cracklib -- support was originally built in but unimplemented by the guys I took over for (holy shit, they actually did something sort of right!), and I didn't feel like implementing it), people can have whatever they feel like having for a password, short of a null string...
...actually, I wonder if they can have a null string.
Anyway. There're the beer drinkers, teenie-boppers, l33t h4xx0rz, serious Unix people (few and far between :-(). Moms and pops, grammas and grampas, using their offsprings' names as passwords. Peoples' nicknames. The unimaginative single-chars.
And at least two dozen people who haven't bothered to change their password from the default. *sigh*
I remember running the earlier version of this program on the [needless to say: suspended] 419 scammers that lived on my systems before they became my systems. I don't remember their passwords, but I remember it wasn't what you'd expect them to have.
Makes me wonder what sort of person I'd be judged as, based solely on my username and password.
Suppose I'm an antisocial alcoholic. :-)
Girlfriend (?) went home, after about a week of staying with me. So I got drunk, bored, and stupid, and decided to write in my Slashdot journal. Sorry, everybody. :P
By the way, the number of people with the password "password" is fucking ridiculous.
It's kind of neat, how you can guess at what kind of person someone is by their password. Since there're no restrictions on passwords (IOW, no cracklib -- support was originally built in but unimplemented by the guys I took over for (holy shit, they actually did something sort of right!), and I didn't feel like implementing it), people can have whatever they feel like having for a password, short of a null string...
Anyway. There're the beer drinkers, teenie-boppers, l33t h4xx0rz, serious Unix people (few and far between
And at least two dozen people who haven't bothered to change their password from the default. *sigh*
I remember running the earlier version of this program on the [needless to say: suspended] 419 scammers that lived on my systems before they became my systems. I don't remember their passwords, but I remember it wasn't what you'd expect them to have.
Makes me wonder what sort of person I'd be judged as, based solely on my username and password.
Suppose I'm an antisocial alcoholic.
Girlfriend (?) went home, after about a week of staying with me. So I got drunk, bored, and stupid, and decided to write in my Slashdot journal. Sorry, everybody.
By the way, the number of people with the password "password" is fucking ridiculous.
One of my old Uni passwords... (Score:2)
So I typed 'ls', and used part of a random xterm log filename which was an extremely good one
To try not to have my passwords too difficult to remember, I often choose them as composites of what I can see in front of me at the time and break the bits with punctuation. I leave those items arra
Re:One of my old Uni passwords... (Score:1)
Then some twit got the Suckit rootkit on one of my machines. *sigh*
Was time to change my password, anyway. And that box has been needing an upgrade for a while...