| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 5 Dec 2011 09:28:39 +0100
From: Alessandro Tagliapietra <tagliapietra.alessandro@...il.com>
To: Charles Morris <cmorris@...odu.edu>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Large password list
Get g0tmi1k's password list, for me there is lot of work behind and i've
found that working fine ;)
http://g0tmi1k.blogspot.com/2011/06/dictionaries-wordlists.html
Regards
2011/12/2 Charles Morris <cmorris@...odu.edu>
> Of course, you are quite right, it follows,
> and it's been many years since I've used anything less than 512 bits
> with strong internal state for anything relevant.
>
> Still...
>
> On Fri, Dec 2, 2011 at 2:30 PM, Gage Bystrom <themadichib0d@...il.com>
> wrote:
> > I think it simply makes sense though. As more and more common passwords
> are
> > cracked by the multitude of boxes out there dedicated to cracking hashes,
> > the more and more likely that its gunna turn up in a list or a site
> > somewhere. Add in that Google is really good at finding long strings and
> > numbers if they exist on the net and the fact that the entire idea behind
> > hashes is for them to be unique....yeah.....
> >
> >
> > On Dec 2, 2011 11:17 AM, "Charles Morris" <cmorris@...odu.edu> wrote:
> >>
> >> This is extremely depressing.
> >>
> >> On Fri, Dec 2, 2011 at 2:14 PM, Jeffrey Walton <noloader@...il.com>
> wrote:
> >> > On Thu, Dec 1, 2011 at 10:59 PM, Sanguinarious Rose
> >> > <SanguineRose@...ultusterra.com> wrote:
> >> >> I am at a lack of words for this, why pay $4.99 when you can just do
> >> >> some simple googling? You can even search pastebin and get a mass
> >> >> collection of password lists from dbases. Add a dash of awk and maybe
> >> >> a pinch of sed and viola!
> >> >>
> >> > Why even spend the CPU cycles to process the password list? See Jon
> >> > Callas' post on the Random Bits mailing list: "No one bothers cracking
> >> > the crypto (real life edition)",
> >> >
> >> >
> http://lists.randombit.net/pipermail/cryptography/2011-December/001870.html
> .
> >> >
> >> > Interestingly (sadly?), googling the hash worked quite well for me on
> >> > a number of test cases, including common words and proper names.
> >> >
> >> > Jeff
> >> >
> >> > _______________________________________________
> >> > Full-Disclosure - We believe in it.
> >> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> > Hosted and sponsored by Secunia - http://secunia.com/
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists