darbsllim (OP)
Sr. Member
Offline
Activity: 297
Merit: 251
Founder, Filmmaker, Fun Guy
|
|
June 28, 2011, 03:34:42 PM |
|
Not sure if any of you have seen this or not, but here it is: https://www.nanaimogold.com/microlionsec.txtIf you haven't changed your passwords yet...do it. If you wanted to see whether or not your password was safe, feel free to check if it was cracked here.
|
Brad Mills, Investor - Former miner - Former Bitcoin Business Owner - Survivor of the Great Bitcoin Crashes of 2011 and 2012, the MtGox Heist of 2014 & the 2017 crypto bubble. Bitrated user: bradmillscan.
|
|
|
Anonymous
Guest
|
|
June 28, 2011, 03:40:39 PM |
|
Well, that password is done. I was ignorant to think that would suffice.
|
|
|
|
DamienBlack
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
June 28, 2011, 03:44:42 PM |
|
Hmm, I was not cracked. Some of the cracked passwords look pretty secure. Like
1036 ... ccFy7KpgN
How did that get cracked? Was that one of the unsalted ones?
1938 ... BESys*t3M
This seems like it should be secure, even though it is leetspeak.
1955 ... RYL4McGT
Again, unsalted? How was this cracked?
13434 ... djcnbimil99332k
I think this was is too far down to be unsalted, and it is too long for rainbow tables. Is it following a pattern I don't see?
13449 ... n833bgva
This looks secure enough to me. How are these getting cracked? How much time does it take?
|
|
|
|
spruce
|
|
June 28, 2011, 03:45:01 PM |
|
Mine isn't on there (phew), but it is interesting to see what is.
I've certainly got more industrious in terms of making 20-character 4-type (upper case, lower case, symbol, number) passwords for important uses now. So I am glad this happened, despite the temporary annoyance at having that username and email address broadly published.
|
|
|
|
DamienBlack
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
June 28, 2011, 03:45:31 PM |
|
Well, that password is done. I was ignorant to think that would suffice.
Numbers are easy.
|
|
|
|
DeiBellum
Newbie
Offline
Activity: 22
Merit: 0
|
|
June 28, 2011, 03:49:40 PM |
|
Not cracked on both accounts (made one and forgot I had made it!)
Saweet!
|
|
|
|
just_someguy
|
|
June 28, 2011, 03:50:58 PM |
|
Some that stick out that should be relatively strong: j3n0VA$@ Nephi7187$$$ K7mmI8lAsn1o0q c0urche$ne 7XiBKeJe5ochSqVW n0k!@N900 yT#g1Srm123
I'm also curious how these were broken assuming these are salted.
|
|
|
|
DamienBlack
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
June 28, 2011, 03:53:10 PM |
|
Some that stick out that should be relatively strong: j3n0VA$@ Nephi7187$$$ K7mmI8lAsn1o0q c0urche$ne 7XiBKeJe5ochSqVW n0k!@N900 yT#g1Srm123
I'm also curious how these were broken assuming these are salted.
Even if they aren't salted, the longest rainbow table I know of is only 10 characters, alphanumeric only. Most of those don't fit.
|
|
|
|
finack
Member
Offline
Activity: 126
Merit: 10
|
|
June 28, 2011, 03:53:49 PM |
|
This looks secure enough to me. How are these getting cracked? How much time does it take?
I don't think they spent a lot of time cracking them. My password isn't there but should have been fairly easy to crack with some standard multi-word rules. I wonder if the difficult passwords were reused and had been previously cracked. A lot of people feed lists of publicly cracked passwords as one of their dictionaries.
|
|
|
|
fascistmuffin
Newbie
Offline
Activity: 56
Merit: 0
|
|
June 28, 2011, 03:54:47 PM |
|
I was surprised I wasn't on that list. I had a rather weakish (I thought at least) 14 length password with a few capitals and numbers in it.
|
|
|
|
DamienBlack
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
June 28, 2011, 03:55:33 PM |
|
Not cracked on both accounts (made one and forgot I had made it!)
Saweet!
Remember, even if you aren't cracked now, you might be in the future. Don't count on those passwords.
|
|
|
|
foggyb
Legendary
Offline
Activity: 1736
Merit: 1006
|
|
June 28, 2011, 03:55:42 PM |
|
My password is in that list, but my account is not.
My version has upper/lower case.
|
Hey everyone! 🎉 Dive into the excitement with the Gamble Games Eggdrop game! Not only is it a fun and easy-to-play mobile experience, you can now stake your winnings and accumulate $WinG token, which has a finite supply of 200 million tokens. Sign up now using this exclusive referral link! Start staking, playing, and winning today! 🎲🐣
|
|
|
DamienBlack
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
June 28, 2011, 04:00:46 PM |
|
By my calculations, a random 9 character password, like this BESys*t3M should take a 5770 about 2/3 of a year to crack. But there it is on the list. How much hashing power did they throw at this?
|
|
|
|
bitcoin0918
Newbie
Offline
Activity: 70
Merit: 0
|
|
June 28, 2011, 04:03:46 PM |
|
The fact that a password is in this list doesn't imply that it was cracked. As finack said, the complex passwords were probably stolen by some other means - e.g. phishing - and happened to be reused.
|
|
|
|
DamienBlack
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
June 28, 2011, 04:05:13 PM |
|
The fact that a password is in this list doesn't imply that it was cracked. As finack said, the complex passwords were probably stolen by some other means - e.g. phishing - and happened to be reused.
Hmm, so someone who uses the password "7XiBKeJe5ochSqVW" has been phished?
|
|
|
|
spruce
|
|
June 28, 2011, 04:05:31 PM |
|
By my calculations, a random 9 character password, like this BESys*t3M should take a 5770 about 2/3 of a year to crack. But there it is on the list. How much hashing power did they throw at this?
But they didn't crack all the random 9 character passwords. Mine was only 7 characters total, five lower-case letters then two numbers, and it's not on the list. Paul
|
|
|
|
DamienBlack
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
June 28, 2011, 04:07:15 PM |
|
By my calculations, a random 9 character password, like this BESys*t3M should take a 5770 about 2/3 of a year to crack. But there it is on the list. How much hashing power did they throw at this?
But they didn't crack all the random 9 character passwords. Mine was only 7 characters total, five lower-case letters then two numbers, and it's not on the list. Paul That seems like an easy crack compared to some of them. That should only take about 8 minutes on a 5770. Maybe less.
|
|
|
|
bitcoin0918
Newbie
Offline
Activity: 70
Merit: 0
|
|
June 28, 2011, 04:08:14 PM |
|
The fact that a password is in this list doesn't imply that it was cracked. As finack said, the complex passwords were probably stolen by some other means - e.g. phishing - and happened to be reused.
Hmm, so someone who uses the password "7XiBKeJe5ochSqVW" has been phished? Just because a password is complex doesn't mean the user is not susceptible to phishing, viruses, etc. They could have used the password on an unsecured wireless network - something people do all the time. An extremely complex password can also lead to a false sense of security, inadvertently making people more susceptible to other forms of attack. It's better to use sufficiently complex *different* passwords with every account, than to use the same extremely complex password on all accounts.
|
|
|
|
DamienBlack
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
June 28, 2011, 04:11:38 PM |
|
The fact that a password is in this list doesn't imply that it was cracked. As finack said, the complex passwords were probably stolen by some other means - e.g. phishing - and happened to be reused.
Hmm, so someone who uses the password "7XiBKeJe5ochSqVW" has been phished? Just because a password is complex doesn't mean the user is not susceptible to phishing, viruses, etc. They could have used the password on an unsecured wireless network - something people do all the time. An extremely complex password can also lead to a false sense of security, inadvertently making people more susceptible to other forms of attack. It's better to use sufficiently complex *different* passwords with every account, than to use the same extremely complex password on all accounts. There are just too many complex ones for that to be the answer. But then again, mine is simple compared to some of these and it isn't on the list. So perhaps you are right.
|
|
|
|
bitcoin0918
Newbie
Offline
Activity: 70
Merit: 0
|
|
June 28, 2011, 04:12:58 PM |
|
The fact that a password is in this list doesn't imply that it was cracked. As finack said, the complex passwords were probably stolen by some other means - e.g. phishing - and happened to be reused.
Hmm, so someone who uses the password "7XiBKeJe5ochSqVW" has been phished? I looked that dude up on Facebook. He's an older guy whose activities include singing, sailing, barefoot hiking, etc. No evidence of computer expertise. The complex password was a false sense of security, and he was phished, in all likelihood.
|
|
|
|
|