Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 17 Dec 2012 18:54:17 -0700
From: Stephen John Smoogen <smooge@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: interesting password cracking discovery

On 17 December 2012 14:00, Jerry <sec-acct.14@...x.cc> wrote:
> We've all see numerous security announcements, etc, about people using
> bad passwords, including using password, spouse or child's name, etc.
>
> I was recently running john against an old password file from back in
> the 1995-1996 time period.  John has been running on the file for
> awhile, and I just had a large group of password matches.
>
> For what ever reason, a large group of people decided to use their home
> phone number as a password.  Specifically, if a person had a phone
> number of (123) 456-7890 , the had used 4567890 or 456-7890 as their
> password.
>
> Password security, at least for many, has progressed a great deal since
> the 90's, and I have seen all types of bad password security articles, I
> just don't recall seeing people use phone numbers as passwords.
>
> I am curious if others have observed similar occurrences, or if this is
> unique.

People use phone numbers quite a bit still. I found that xxx-xxxx very
very useful at various sites. The other ones that are useful are
xxx-xx-xxxx and xxx-xx-xxxx . After that taking words and adding some
numbers at the front and "Str", "Ave", "Rd" etc at the end is also
fairly common. It is one of those things that people will use what
they can remember the easiest.. so the person's address growing up
will get used as much as their phone number.

> Jerry



-- 
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.