From charlesreid1


Revision as of 08:03, 13 September 2016

Experience so far with passwords:

One was a three word phrase (in full rockyou.txt)

Another one was the word "secret", or something or other (in common passwords/short password list)

Latest:

common word + 2 digits (another terrible one - top 1 mil pws, alleged gmail passwords, rockyou)

8 digits, first 6 prime numbers (this one is terrible - top 1 mil pws, alleged gmail, honeynet, md5decryptor, mil-dic, rockyou)

two names put together (in alleged gmail passwords)

Rules gathered from this:

  • Make good use of rockyou - it has EVERYTHING.
  • Certain numbers are more common, like 33. Certain words match certain patterns. Like, imnumber and a number.
  • Numbers only - there are lots of numbers-only passwords that are patterns (most in rockyou, lots that are strange). These are basically THE lowest-hanging fruit.
  • Appended numbers - start with the easy ones. Low-hanging fruit.
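
A defender-side use of these observations, as an added example that is not part of the original notes: a check run when a password is set, rejecting candidates that fall into the pattern classes listed above. The tiny `BREACHED` and `WORDS` sets and the function names are constructed placeholders; a real check would load a breached-password corpus and a word/name dictionary.

```python
import re

# Constructed stand-ins for a breached-password list and a word/name dictionary.
BREACHED = {"secret", "iloveyou", "12345678"}
WORDS = {"secret", "dragon", "monkey", "purple", "anna", "maria", "love", "you", "i"}

def split_words(s, words=WORDS):
    """Return dictionary words that concatenate exactly to s, or None."""
    best = {0: []}  # best[i] holds one segmentation of s[:i]
    for i in range(1, len(s) + 1):
        for j in range(i):
            if j in best and s[j:i] in words:
                best[i] = best[j] + [s[j:i]]
                break
    return best.get(len(s))

def weak_reasons(password):
    """List which of the pattern classes above a candidate password matches."""
    p = password.lower()
    reasons = []
    if p in BREACHED:
        reasons.append("in wordlist")
    if p.isdigit():
        reasons.append("digits only")
    # Dictionary word(s) followed by a short run of digits, e.g. word + 2 digits.
    m = re.fullmatch(r"([a-z]+)(\d{1,4})", p)
    if m and split_words(m.group(1)):
        reasons.append("word + appended digits")
    # Two names put together, or a multi-word phrase with no separators.
    if p.isalpha():
        parts = split_words(p)
        if parts and len(parts) >= 2:
            reasons.append("concatenated words/names")
    return reasons

if __name__ == "__main__":
    # Constructed sample candidates, one per pattern class plus one that passes.
    for pw in ["secret", "Dragon33", "19871987", "annamaria", "Tr4verse!quartz-Lamp"]:
        print(f"{pw!r}: {weak_reasons(pw) or 'no listed pattern'}")
```

An empty result only means none of these specific patterns matched, not that the password is strong.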


Strategies:

  • There are a lot of strategies that could be implemented to speed things up and make efficient use of things like common pin numbers, common number pws, common words, etc.
  • This was the intention behind some of the scripts I wrote, but those have turned out to be more of a scheduling/maintenance/record-keeping thing than anything else. It's mainly a collection of dictionaries and rules, used in combination. Use these dictionaries, apply these rules.
  • Better approach would involve more stacking/layering. More autonomy.