Nice little insight into how users choose their passwords based on real data.
http://www.net-security.org/secworld.php?id=8742
Analysis of 32m passwords.
-
bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
oh yeah...user passwords, the nightmare of every site/server admin...when I create accounts for customers I always generate the passwords for them and hope they will not find the function to set new ones... 
here's a really good password generator btw:
http://sourceforge.net/projects/epg/
here's a really good password generator btw:
http://sourceforge.net/projects/epg/
this one is very true...5. iloveyou
i can tell that from my friend password...
as well as one of the most common password type over here are the boy/girl friend phone number or name and even nick name...
a little chat with the victim can make predicting the password an easy task...
and of course the mighty iloveyouXXX .
There is an UNEQUAL amount of good and bad in most things, the trick is to work out the ratio and act accordingly. "The Jester"
The big danger is people using the same password for all their logins, including work. This means you can crack a weaker application like a chat program, and then use that password against the victim's more secure accounts.
The chart should be helpful in building your dictionary cracking DB
DNR
The chart should be helpful in building your dictionary cracking DB
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
P4 - no you are exactly right - I had mention it before - you can profile someone for their password. Somehow, it is a reasonable deduction made from observing that person's common sense, education level, internet/computer savvy, and even some 'interviewing and interogation' conversation with the victim. You get a sense of if they follow rules, if they care/aware of dangers, and then you use a reasonable assumption that people use passwords they can remember - by chosing something in their life, or even in front of them.
DNR
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
