On 4/25/07, Fred Cisin <cisin at xenosoft.com> wrote:
> In fact, if you were to start filling in the table with a
> dictionary/namelist approach, many of the "passwords" will actually match!
> Just how common ARE "sex", "love", and "god"?

I never found any of those when I used to run Crack on a quarterly
basis to look for weak passwords at a former job. I did find plenty
of trivial passwords like "abc" combined with small numeric suffixes
and/or prefixes, though - all found *very* quickly by Crack. The ones
that took the longest (2 out of 400 users) were dictionary words with
the common 1=i, 0=o sorts of substitutions and no punctuation. They
were cracked during my normal run, but not in the first 15 minutes.
Anything with just "abc" and numbers fell in seconds or minutes. We
did not allow enough time for a strict brute-force attack, so the half
of the users who did not use modified or unmodified words from a
dictionary fared well.

The closest thing I have to a match for the "classic" passwords was a
variant on what could be considered the cynical antonym of love...
"divorce". That user probably used to use 'love'.

> How many people here remember any of the "master" passwords of TRS-DOS?

Not me, but I did spend time with a sector editor/disk image editor to
extract the password in the Personal Software edition of Zork I.
-ethan
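
The weak-password classes described in the message above (plain dictionary words, "abc" with numeric prefixes/suffixes, and dictionary words with 1=i, 0=o substitutions) can be rejected when a password is set. The following is an added example, not part of the original post and not code from Crack; the wordlist, function names and sample candidates are constructed assumptions.

```python
# Added example: reject candidate passwords in the classes the post describes.
# Assumption: the check runs on the plaintext candidate at password-change time.

# Constructed sample wordlist; a real check would load a full dictionary file.
WORDLIST = frozenset({"love", "god", "sex", "divorce", "pilot", "solo"})
# "abc" is the trivial base named in the post.
TRIVIAL_BASES = frozenset({"abc"})
# Undo the substitutions the post names: 1=i, 0=o.
UNDO_SUBST = str.maketrans("10", "io")
DIGITS = "0123456789"


def classify(candidate, wordlist=WORDLIST):
    """Return the reason a candidate is weak, or None if no rule matches."""
    p = candidate.lower()
    if p in wordlist:
        return "dictionary word"
    if p in TRIVIAL_BASES:
        return "trivial base"
    # Strip leading/trailing digits to expose the base ("abc123", "42abc").
    core = p.strip(DIGITS)
    if core != p and core in TRIVIAL_BASES:
        return "trivial base with numeric prefix/suffix"
    if core != p and core in wordlist:
        return "dictionary word with numeric prefix/suffix"
    # Only then undo substitutions, so "s0l0" is tested as "solo", not "s0l".
    undone = p.translate(UNDO_SUBST)
    if undone != p and undone in wordlist:
        return "dictionary word with 1=i, 0=o substitution"
    return None


def rejected(candidates):
    """Map each weak candidate to the rule that caught it."""
    result = {}
    for c in candidates:
        reason = classify(c)
        if reason is not None:
            result[c] = reason
    return result


if __name__ == "__main__":
    # Constructed sample candidates.
    sample = ["abc123", "42abc", "d1v0rce", "s0l0", "Love", "xK7#qTz9!m"]
    for pw, why in rejected(sample).items():
        print(f"{pw!r}: {why}")
```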