[cryptography] Password Blacklist that includes Adobe's Motherload?

Kevin W. Wall kevin.w.wall at gmail.com
Thu Nov 14 22:35:21 EST 2013


On Thu, Nov 14, 2013 at 6:07 PM, Patrick Mylund Nielsen
<cryptography at patrickmylund.com> wrote:
> On Thu, Nov 14, 2013 at 5:57 PM, Ben Laurie <ben at links.org> wrote:
>>
>> On 14 November 2013 03:29, shawn wilson <ag4ve.us at gmail.com> wrote:
>> > This is the only thing I've seen (haven't really looked):
>> > http://stricture-group.com/files/adobe-top100.txt
>>
>> I have to ask: snoopy1 more popular than snoopy? wtf?
>
>
> Probably people who reuse passwords and are used to sites that require a
> number in the password (or "picked" their go-to password when signing up for
> a site that did) -- "snoopy1" works more often.

The digit is obviously there because there because of today's password
complexity rules used most sites that demand at least one digit or a 3 of 4
char sets of uppercase, lowercase, digits, or special characters.

Besides that, (unfortunately) it's a lot easier to change 'snoopy1' to 'snoopy2'
then to 'snoopy3', etc. when your password inevitably changes. Plus, it makes
a lot easier to remember than to start out with 'sn00py' and then go
to 'sn11py',
'sn22py', etc. :-)

-kevin
-- 
Blog: http://off-the-wall-security.blogspot.com/
NSA: All your crypto bit are belong to us.


More information about the cryptography mailing list