Re: Gawker hacked: Another trove of password data

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 17 Dec 2010 10:17:56 +0100
Florian Roth <Neo.X () web de> wrote:

> I did 282372 so far - still going fast with a huge wordlist I
> generated over years. 
>
> I think we should merge our results when finished.
> Is there a format we should use? (john -show, CSV)
>
> Regards 

There is some benefit to merging periodically rather than just at the
end. When I merge your cracks I see what patterns you got that I missed
and then I know what I still need to try.  Of course the same goes for
you.

As for format, john --show will output what is essentially a
de-duplicated john.pot file.  Either one works well because the format
in unambiguous.

We are currently at 529506 of 748081 (70.782%) accounts.  Or 315740
unique passwords.  Just because our number is bigger than yours though
doesn't mean you don't have hundreds or thousands of cracks that we
don't.  It's still very worthwhile for us to sync up.

Regarding sharing cracks, I think we should keep usernames/emails +
passwords off of the nmap-dev list.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)

iEYEARECAAYFAk0L30cACgkQqaGPzAsl94JuewCghU16/p3aINnnQHtWflUBPRrK
DjsAmwXs5twxDmNn1Ijbcj8nrl9O/8xj
=TtOC
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/