I think more than four thousand people are not dumb enough to set '123456' or 'password' as their password. I assume that a good percentage of that would be for throwaway accounts and the users would be aware of the implications.<p>If I want to post a comment on a lifehacker blog post, there is a decent chance that I give some random string and 123456 as the username and password. This is the case when I know that I won't be using it again. True that an email is associated with the login credentials, but still this might be true for many of those passwords.
70 => 11235813<p>I am curious: is there a particular reason behind the fact that 70 people chose that number for their password?<p>This number seems completely random to me, so I don't understand the how and the why.
117 1qaz2wsx<p>I saw this one and at first I thought it would be a good password. Then I realized the pattern on the keyboard. I was thinking the other day, would there be any need to make a password crack program that focused more on patterns on the keyboard instead of vocabulary. xlsow02 uses the ring finger on each hand to type out what should score a strong rating on most password checkers yet is a simple human pattern for easy memorization.
I'm supposing that these are already in libcrack. Anyone know for certain?<p>Anyone have experiences integrating libcrack into their web app? I hesitate to integrate it because it would cause potential clients to quit the signup.<p>Alternatively, I think this list would be invaluable as a smaller blacklist. Thanks!
consumer. Really? consumer?<p>Who self-identifies with that horrible term so closely that they would use it as their password?<p>A lot more people than I thought evidently.
Mine is not there, but how can I assert that there are reasonable chances that it did not get cracked?<p>I don't want to get paranoid and I see no point in changing my password to minor services unless there is a really good chance that it got compromised.<p>The "strong" versus "weak" message that some password checking services provide tells me nothing very useful, because what is weak when you focus a cluster of CPUs on it for a week may be "strong" for those who use the Gawker leak and don't have (I guess) such resources.
I'm not familiar with Gawker, but just looking down the list, it appears that there is an 8-character limit on passwords:<p><pre><code> 124 swordfis
108 spiderma
98 chocolat
90 elizabet
88 butterfl
79 basketba
</code></pre>
(among others)<p>Why would anyone put a limit -- especially such a short one -- on password length? Please don't tell me it's because they want to store them as char(8).
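A defender-side signup screen built from three points raised in this thread (keyboard-walk passwords like 1qaz2wsx, using the leaked list as a small blacklist, and the 8-character truncation visible in the list). This is an added Python example, not code from any commenter or from Gawker; the sample entries are constructed from counts quoted in the thread, and the keyboard layout is assumed to be US QWERTY.

```python
"""Screen a candidate password against a truncated leak list and keyboard walks.

Because the leaked hashes only cover the first 8 characters, a blacklist
derived from them must be matched on the candidate's first 8 characters:
"spiderman" and "spiderma" are the same entry as far as the leak is concerned.
"""
import itertools

# Constructed sample of the leaked top list (count, 8-char-truncated password);
# numbers are the ones quoted in this thread, not the full leak.
LEAKED_SAMPLE = [
    (124, "swordfis"), (108, "spiderma"), (117, "1qaz2wsx"), (70, "11235813"),
    (88, "butterfl"), (297, "superman"), (307, "trustno1"), (256, "starwars"),
]
BLACKLIST = {pw for _, pw in LEAKED_SAMPLE}

# US QWERTY rows (assumed layout); columns are derived so that vertical
# "zig-zag" walks such as 1qaz2wsx are recognised as well as horizontal runs.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
COLUMNS = ["".join(col) for col in itertools.zip_longest(*ROWS, fillvalue="")]

ADJACENT = set()  # unordered pairs of keys that touch in a row or column
for line in ROWS + COLUMNS:
    for a, b in zip(line, line[1:]):
        ADJACENT.add((a, b))
        ADJACENT.add((b, a))


def keyboard_walk_ratio(pw: str) -> float:
    """Fraction of consecutive character pairs that are neighbouring keys."""
    s = pw.lower()
    pairs = list(zip(s, s[1:]))
    if not pairs:
        return 0.0
    return sum((a, b) in ADJACENT for a, b in pairs) / len(pairs)


def check_password(pw: str) -> list:
    """Return the reasons a password should be rejected (empty list = accept)."""
    reasons = []
    # Compare on the 8-character prefix because that is all the leak reveals.
    if pw[:8].lower() in BLACKLIST:
        reasons.append("blacklisted")
    # Mostly-adjacent keystrokes are a keyboard pattern, whatever a word-list
    # based strength meter says about them.
    if len(pw) >= 6 and keyboard_walk_ratio(pw) >= 0.75:
        reasons.append("keyboard_walk")
    return reasons


if __name__ == "__main__":
    for candidate in ["spiderman", "1qaz2wsx!", "qwertyui", "myformerhopesarefled"]:
        print(candidate, check_password(candidate))
```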
We came up with different results and some more interesting items in the top 25 (link is to our top 100): <a href="http://intrepidusgroup.com/insight/wp-content/uploads/2010/12/top100.txt" rel="nofollow">http://intrepidusgroup.com/insight/wp-content/uploads/2010/1...</a><p>For instance, our #4 was lifehack with 861 results. We also came up with different counts.<p>It is probably worth comparing our methodologies and results: <a href="http://intrepidusgroup.com/insight/2010/12/gawker-des-crypt-fun-using-john-the-ripper-with-mpi/" rel="nofollow">http://intrepidusgroup.com/insight/2010/12/gawker-des-crypt-...</a> if you are interested in this.<p>edit: Amusingly, lifehack was the only password in our top100 missing from the linked top250. Given more time I am assuming lifehack would have dropped out during Duo's crack as a popular password since it is 8 characters and lower case.<p>Jeremy
-There are only two capital letters on the entire list: "Password" and "Highlife"<p>-"starwars": 256; "startrek": 88<p>-"sunshine" barely beat out "shadow" 266-255<p>-"trustno1": 307 was pretty surprising (it's a reference to the x-files)<p>-"superman": 297; "batman": 159; "spiderma": 108
Is there an easy way for me to decrypt what password Gawker had for me? I was unable to login with my account for over a year, but I'd like to see what password they have on file for me so I know whether I need to change it elsewhere.<p>I realize asking this also is asking for an instruction manual for malice with whatever is decrypted. I just don't know how to determine how exposed my email address leaves me.
I'm more concerned with the fact that it only stores the first eight characters. Does anyone know if this is common? I often use very long password strings that begin with something simple... like I may use the first line of a song (e.g. myformerhopesarefledmyterrornowbegins). I figured that it was exponentially harder to crack a longer password so I never bothered with diverse characters and capitalization.
I did a brief freelance gig not too long ago for a company that used a single password for all CMS & site admin user accounts, as well as for the database server and the ftp login to the production server.<p>It's one of the top 10 passwords on that list.