Linked – “Be great at what you do” – In, bringing you modern social networking with less than modern password protection – like, about 1970s UNIX modern. The passwords in this dump not only rejected a robust, well-known password hashing scheme like PBKDF2, they didn’t even salt the passwords. As a historical reference, salts are something FreeBSD introduced around 1994.
It also appears some users are confused as to what constitutes a good password. Length? Characters? Punctuation? Phrases? An unfortunate number of users went for length, but neglected the shift key, space bar, or one of those numbers above qwerty.
I sat down for 20 minutes with
grep – plus my bookshelf for inspiration – to guess some possible passwords without resorting to a brute-force dictionary crack.
grep `echo -n myownpassword | shasum | cut -c6-40` SHA1.txt
The grep/shasum trick works on Unix-like command lines. John the Ripper is the usual tool for password cracking without entering the super assembly of GPU customization.
I love sci-fi and fantasy. I still run an RPG session on a weekly basis; there’s no dust on my polyhedrals. Speaking of RPGs. I started the guesswork with 1st Edition AD&D terms only to strike out after a dozen tries, but the 2nd edition references fared better:
waterdeep – Under Mountain was awesome, unlike your password.
menzoberranzan – Yeah, mister dual-scimitars shows up in the list, too. This single-handedly killed the Ranger class for me. (Er, not before I had about three rangers with dual longswords. ‘Cause that was totally different…)
No one seems to have taken “1stEditionAD&D”. Maybe that’ll be my new password – 14 characters, a number, a symbol, what’s not to love? Aside from this retroactive revelation?
tardis – Come on, that’s not even eight characters. Would tombaker or jonpertwee approve? I don’t think so. But no Wiliam Hartnell? Have you no sense of history? Even for a timelord?
doctorwho – Longer, but…um…we just covered this.
badwolf – Cool, some Jack Harkness fans out there, but still not eight characters.
torchwood – Love the show, but your anagram improves nothing.
kar120c – I’m glad there’s a fan of The Prisoner out there. It was a cool series with a mind-blowingly bizarre, pontificating, intriguing ending that demands discussion. However, not only is that password short, it even shows up in my book. I should find out who it was and send them a signed copy.
itsatrap – Seriously? You chose a cliched, meme-laden movie quote that short? And you couldn’t be bothered with an exclamation point at the end? At least you chose a line from the best of the three movies.
myprecious – Not anymore.
onering – Onering? While you were out onering your oner a password cracker was cracking your comprehension of LotR. By the way, hackers have also read earthsea, theshining and darktower. Hey, they’ve got good taste.
I adore the Dune books. Dune is near the top of my favorites. Seems I’m not the only fan:
benegesserit – Don’t they have some other quotes? Something about fear?
fearisthemindkiller – Heh, even the hackers hadn’t cracked that one yet. Referencing The Litany Against Fear would have been a nice move except that if “fear is the mind killer” then “obvious is the password.”
entersandman, blackened, dyerseve – What are you going to do when you run out of Metallica tracks? Use megadeath? It’s almost sadbuttrue. And jethrotull beat them at the Grammy’s. So, there.
loveiskind – Love is patient, love is kind, hackers aren’t stupid, passwords they find.
h4xx0r – No, probably not.
notmypassword – Actually, it is. At least you didn’t choose a 14-character secretpassword. That would just be dumb.
stevejobs – Now how is he going to change his password?