• Cautionary tale - passwords we've "forgotten"

    From Alan Browne@21:1/5 to All on Thu Mar 30 19:44:03 2023
    XPost: misc.phone.mobile.iphone

    There is a treasure trove of leaked passwords out there called:
    Rock You. This file (once uncompressed) is near 100 GB in size.

    It currently holds about 8.45 billion passwords that have been leaked
    one way or another into the wild. This list contains the passwords
    only, not any correlating sites.

    So, I downloaded the monster and unpacked it.

    I wrote a program to split it into 4 files and stored those on 4
    separate external drives.

    I exported my 1Password database to a .csv file in a ramdisk.

    Wrote another program to load these known passwords into a b-tree and
    then read in the files from the external disks and look for matches.
    This is run in 4 threads to speed things up - still takes quite a while
    to search through. (If I used a hash instead of a b-tree it would be a
    little quicker).

    Over time, it appears, I've used some trivial passwords and they've come
    up in my search (about 20 of them). These are for the most part for
    "throw away" access to some sites. There are two I'll go tidy up.

    Some systematic password silliness that I turned up (not my passwords):

    4 2086000000 98.6% zyxel-037-lry
    4 2087000000 98.7% zyxel-094-izh
    4 2088000000 98.7% zyxel-151-gfr
    4 2089000000 98.8% zyxel-208-dmj
    4 2090000000 98.8% zyxel-265-att
    4 2091000000 98.9% zyxel-321-ybc
    4 2092000000 98.9% zyxel-378-vil
    4 2093000000 99.0% zyxel-435-spv
    4 2094000000 99.0% zyxel-492-pxi
    4 2095000000 99.1% zyxel-549-ner
    4 2096000000 99.1% zyxel-606-klz
    4 2097000000 99.2% zyxel-663-htm
    4 2098000000 99.2% zyxel-720-far
    4 2099000000 99.3% zyxel-777-cib
    4 2100000000 99.3% zyxel-833-zpl
    4 2101000000 99.3% zyxel-890-wwo
    4 2102000000 99.4% zyxel-947-udx

    Meaning there are about 17 MILLION passwords in the form above!

    Ridiculous! Esp. that they ended up leaked!

    --
    “Donald Trump and his allies and supporters are a clear and present
    danger to American democracy.”
    - J Michael Luttig - 2022-06-16
    - Former US appellate court judge (R) testifying to the January 6
    committee

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
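The check described in the post above, as an added example (not the poster's program): the exported passwords go into a hash-keyed dict rather than a b-tree, and the wordlist is scanned in newline-aligned byte ranges, one per worker, instead of being split into 4 files. The CSV column names `Title` and `Password`, the function names and the sample data are assumptions constructed for illustration.

```python
import csv, io, os, tempfile
from concurrent.futures import ThreadPoolExecutor

def load_known(csv_text, pw_col="Password", label_col="Title"):
    """Map each exported password (as bytes) to the entries that use it."""
    known = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row[pw_col]:
            known.setdefault(row[pw_col].encode("utf-8"), []).append(row[label_col])
    return known

def scan_range(path, start, end, known):
    """Check every line that begins in [start, end); return matched entry labels."""
    hits = set()
    with open(path, "rb") as f:          # bytes: leaked lists are not clean UTF-8
        if start > 0:
            f.seek(start - 1)
            f.readline()                 # skip to the first line starting at/after start
        while f.tell() < end:
            line = f.readline()
            if not line:
                break
            labels = known.get(line.rstrip(b"\r\n"))
            if labels:
                hits.update(labels)      # report the entry, never the password
    return hits

def scan(path, known, workers=4):
    """Split the file into byte ranges and scan them concurrently."""
    size = os.path.getsize(path)
    step = size // workers + 1
    ranges = [(s, min(s + step, size)) for s in range(0, size, step)]
    with ThreadPoolExecutor(workers) as pool:
        parts = pool.map(lambda r: scan_range(path, r[0], r[1], known), ranges)
    return sorted(set().union(*parts))

def demo():
    # Constructed sample export and constructed sample wordlist (CRLF and
    # non-UTF-8 lines included on purpose).
    vault = "Title,Password\nforum,hunter2\nbank,Xk9#vQ2m\nold blog,letmein\n"
    leaked = b"123456\r\nletmein\n\xff\xfebad\nhunter2\nqwerty\n"
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(leaked)
    try:
        return scan(f.name, load_known(vault), workers=3)
    finally:
        os.unlink(f.name)

if __name__ == "__main__":
    print(demo())
```

Each line is checked exactly once because a worker finishes any line that starts inside its range and skips the partial line at its start offset.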
  • From Ed Norton@21:1/5 to Alan Browne on Fri Mar 31 05:53:56 2023
    XPost: misc.phone.mobile.iphone

    On Thu, 30 Mar 2023 19:44:03 -0400, Alan Browne wrote
    (in article <89pVL.166582$5jd8.36626@fx05.iad>):

    [snip]
    > Some systematic password silliness that I turned up (not my passwords):
    >
    > 4 2086000000 98.6% zyxel-037-lry
    > 4 2087000000 98.7% zyxel-094-izh
    [snip]
    >
    > Meaning there are about 17 MILLION passwords in the form above!
    >
    > Ridiculous! Esp. that they ended up leaked!

    Interesting, Alan. What do the percentages mean?



    --
    Ed

  • From Alan Browne@21:1/5 to Ed Norton on Fri Mar 31 09:03:02 2023
    XPost: misc.phone.mobile.iphone

    On 2023-03-31 05:53, Ed Norton wrote:
    > On Thu, 30 Mar 2023 19:44:03 -0400, Alan Browne wrote
    > (in article <89pVL.166582$5jd8.36626@fx05.iad>):
    >
    > [snip]
    >> Some systematic password silliness that I turned up (not my passwords):
    >>
    >> 4 2086000000 98.6% zyxel-037-lry
    >> 4 2087000000 98.7% zyxel-094-izh
    > [snip]
    >>
    >> Meaning there are about 17 MILLION passwords in the form above!
    >>
    >> Ridiculous! Esp. that they ended up leaked!
    >
    > Interesting, Alan. What do the percentages mean?

    Just the progress point.

    So that (above) is the 4th "file" (4th quarter), at about 2B passwords
    in or 98.6% progress on that file.

  • From Alan Browne@21:1/5 to Alan Browne on Fri Mar 31 09:53:19 2023
    XPost: misc.phone.mobile.iphone

    On 2023-03-30 19:44, Alan Browne wrote:

    > Some systematic password silliness that I turned up (not my passwords):
    >
    > 4   2086000000    98.6% zyxel-037-lry
    > 4   2087000000    98.7% zyxel-094-izh
    > 4   2088000000    98.7% zyxel-151-gfr
    > 4   2089000000    98.8% zyxel-208-dmj
    > 4   2090000000    98.8% zyxel-265-att
    > 4   2091000000    98.9% zyxel-321-ybc
    > 4   2092000000    98.9% zyxel-378-vil
    > 4   2093000000    99.0% zyxel-435-spv
    > 4   2094000000    99.0% zyxel-492-pxi
    > 4   2095000000    99.1% zyxel-549-ner
    > 4   2096000000    99.1% zyxel-606-klz
    > 4   2097000000    99.2% zyxel-663-htm
    > 4   2098000000    99.2% zyxel-720-far
    > 4   2099000000    99.3% zyxel-777-cib
    > 4   2100000000    99.3% zyxel-833-zpl
    > 4   2101000000    99.3% zyxel-890-wwo
    > 4   2102000000    99.4% zyxel-947-udx
    >
    > Meaning there are about 17 MILLION passwords in the form above!
    >
    > Ridiculous!  Esp. that they ended up leaked!

    It turns out that Zyxel is a Taiwanese broadband co. The PW's above
    must be account "start" passwords. Still: bad practice.
