On Fri, 1 Feb 2019, Jonathan Engwall wrote:
Hello, Just the other night I saw an article about crypto thieves breaking passwords based on many people using the same password. The idea being to access many accounts at once. Did anyone else see this? My bank says they might be having a system-wide error.
There is an ancient Unix/Linux application called "crack" (it's still in at least Fedora, if not all the rest). At this point it is usually used by sysadmins to run on their password file to detect terrible passwords when users pick easily crackable ones. One part of the (rather intelligent -- written by generations of mostly-white hat wizards) program checks for common passwords, unchanged passwords (like changeme), and then runs the entire dictionary(s) with all reasonable permutations of things like S -> 5, E -> 3, L -> 1.

This works great for cracking password files with the encrypted strings, but network cracking is a bit more complex. There one doesn't have the encrypted passwords and most interfaces where you can enter a password only take X attempts and then do anything from lock down the account to shut down the entry window for X seconds. They also are s l o w. So one can test only a tiny handful of passwords before being flagged, blocked, shut out, and so on. Hence (I'm sure) they concentrate on only the most likely of stupid possibilities -- your own name, your own name backwards, your birthday.

Crack actually allows you to generate statistics over time so you can identify the "best of the worst" lists. Here's one:

https://en.wikipedia.org/wiki/List_of_the_most_common_passwords

rgb
Jonathan Engwall
Robert G. Brown                        http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525     email:r...@phy.duke.edu

_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
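
The checks described in the reply above (common passwords, unchanged defaults like changeme, S -> 5 / E -> 3 / L -> 1 substitutions, the user's own name, the name backwards, the birthday), applied as a filter at password-set time. This is an added example, not part of the original post and not code from crack; the word list, the extra substitutions (0, @, $), the date formats and the function names are assumptions.

```python
import string

# Constructed sample list; a real deployment would load a maintained
# common-password list instead.
COMMON = {"password", "changeme", "letmein", "qwerty", "123456"}

# Undo the substitutions named in the post (S -> 5, E -> 3, L -> 1) plus a
# few others that are assumptions of this example (0 -> o, @ -> a, $ -> s).
UNLEET = str.maketrans("5310@$", "seloas")


def candidate_forms(pw):
    """Return the lowercase variants of pw that get compared to the lists."""
    low = pw.lower()
    # "Password1!" style padding: drop trailing digits and punctuation.
    stripped = low.rstrip(string.digits + string.punctuation)
    return {low, low.translate(UNLEET), stripped, stripped.translate(UNLEET)}


def weak_reason(pw, username, birthday=""):
    """Return why pw should be rejected, or None if no check fires.

    birthday is an optional digit string in YYYYMMDD form.
    """
    forms = candidate_forms(pw)
    if forms & COMMON:
        return "common password"
    user = username.lower()
    # The name itself and the name backwards, after de-substitution.
    if user and forms & {user, user[::-1]}:
        return "derived from account name"
    if birthday:
        y, m, d = birthday[:4], birthday[4:6], birthday[6:]
        dates = {y + m + d, m + d + y, d + m + y, m + d + y[2:], d + m + y[2:]}
        digits = "".join(c for c in pw if c.isdigit())
        if digits in dates:
            return "contains birthday"
    return None


if __name__ == "__main__":
    # Constructed test passwords for a hypothetical user "alice".
    for pw in ["Pa55w0rd!", "Chang3m3", "3cila99", "rex04121970",
               "correct-horse-battery-staple"]:
        print(f"{pw!r:32} -> {weak_reason(pw, 'alice', '19700412')}")
```
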