lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 15 Jan 2010 11:24:23 +0000
From: Michal <michal@...ic.co.uk>
To: full-disclosure@...ts.grok.org.uk
Subject: Fwd: Re: Looking at SSH scans passwords (honeypot
 analysis)

On 14/01/2010 22:55, Elliot Fernandes wrote:
> What I can say is that, the person who was trying to access your honeypot was using a wordlist, albeit of bad quality because the wordlist contains a large degree of statistical randomness. For the most of us, passwords consist of dictionary words, so a good wordlist would contain that and permutations of it, not just gibberish. By the way, I've scouraged the internet for wordlists and I've seen entries with !@...^&*( , !@#$% , !@#$ , !@# and the others you've included.
> 

On an American Keyboard !@...^&*( is shift and the numbers 1 to 9, for
English it's !"£$%^&*( but as he said it's just wordlists filled with
that, thinking someone might use it as a password, which I guess is
possible, it's probably better then your husbands name for example, but
still shit

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists