Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 17 Dec 2012 15:00:09 -0600
From: Jerry <sec-acct.14@...x.cc>
To: john-users@...ts.openwall.com
Subject: interesting password cracking discovery

We've all see numerous security announcements, etc, about people using
bad passwords, including using password, spouse or child's name, etc.

I was recently running john against an old password file from back in
the 1995-1996 time period.  John has been running on the file for
awhile, and I just had a large group of password matches.

For what ever reason, a large group of people decided to use their home
phone number as a password.  Specifically, if a person had a phone
number of (123) 456-7890 , the had used 4567890 or 456-7890 as their
password.

Password security, at least for many, has progressed a great deal since
the 90's, and I have seen all types of bad password security articles, I
just don't recall seeing people use phone numbers as passwords.

I am curious if others have observed similar occurrences, or if this is
unique.

Jerry

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.