| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4B505067.4080602@ionic.co.uk> Date: Fri, 15 Jan 2010 11:24:23 +0000 From: Michal <michal@...ic.co.uk> To: full-disclosure@...ts.grok.org.uk Subject: Fwd: Re: Looking at SSH scans passwords (honeypot analysis) On 14/01/2010 22:55, Elliot Fernandes wrote: > What I can say is that, the person who was trying to access your honeypot was using a wordlist, albeit of bad quality because the wordlist contains a large degree of statistical randomness. For the most of us, passwords consist of dictionary words, so a good wordlist would contain that and permutations of it, not just gibberish. By the way, I've scouraged the internet for wordlists and I've seen entries with !@...^&*( , !@#$% , !@#$ , !@# and the others you've included. > On an American Keyboard !@...^&*( is shift and the numbers 1 to 9, for English it's !"£$%^&*( but as he said it's just wordlists filled with that, thinking someone might use it as a password, which I guess is possible, it's probably better then your husbands name for example, but still shit _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists