Nmap Development mailing list archives
Re: Replacing passwords.lst
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 5 Mar 2010 18:50:54 +0000
Sorry for the top-post, I'm on a crappy phone. I was thinking the same as what David asked below. Also, Ron, I think you have shown that there isn't much overlap

Brandon

Sent from my phone. If you would like a digital signature of this message let me know and I'll sign it later.

On Mar 5, 2010, at 18:46, David Fifield <david () bamsoftware com> wrote:
> On Fri, Mar 05, 2010 at 09:19:19AM -0600, Ron wrote:
>> On Thu, 4 Mar 2010 22:27:16 +0000 Brandon Enright <bmenrigh () ucsd edu> wrote:
>>>> Surprisingly, there doesn't seem to be a strong correlation between the rockyou passwords and the phpbb passwords. The top 500 phpbb passwords almost all appear somewhere on the rockyou list, but there doesn't appear to be a strong correlation between the rankings. That being said, the top 1000 Rockyou.com passwords would crack 742 phpbb passwords. The passwords just aren't in the top 1000 phpbb passwords -- they're all over the place.
>>>
>>> Ron, what percentage of the PHPBB passwords would we crack with the current 200 versus your new suggested 200? Do we see a similar increase?
>>
>> I think the problem is the scales. phpbb only has 30,000 or so passwords (correct me if that's wrong), so it isn't a huge statistical base. Rockyou.com, on the other hand, had 33,000,000 passwords, 1000x more, which gives a much better base for statistics.
>>
>> Anyway, enough talking, I'll give some raw numbers. I took the stats as, "The top X Rockyou.com passwords would crack Y phpbb passwords" -- this doesn't take volumes into account.
>>
>> Rockyou_PWs  Cracked_phpbb
>> 10           9
>> 100          93
>> 200          182
>> 500          413
>> 1000         742
>> 5000         2118
>> 20000        3583
>> 50000        4492
>
> And what does the Cracked_phpbb column look like with the top 10, 100, and 200 passwords from current passwords.lst?
>
> David Fifield
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
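
The measurement described in the quoted message ("the top X Rockyou.com passwords would crack Y phpbb passwords"), as an added example that is not part of the original thread. It reports unique matches, as the quoted table does, and also the account-weighted count that the quoted text says it leaves out, plus where the target's most common passwords rank in the candidate list. The two frequency tables are constructed sample data, not the real lists, and all function names are illustrative.

```python
from collections import Counter

def ranked(counts):
    """Passwords ordered most common first; ties broken alphabetically."""
    return [pw for pw, _ in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))]

def coverage(candidate_ranked, target_counts, sizes):
    """For each N: (N, unique target passwords matched, target accounts matched).

    'unique' is the figure in the quoted table; 'accounts' adds the volumes.
    """
    rows = []
    for n in sizes:
        top = set(candidate_ranked[:n])
        hits = {pw for pw in top if pw in target_counts}
        rows.append((n, len(hits), sum(target_counts[pw] for pw in hits)))
    return rows

def source_ranks(candidate_ranked, target_counts, top_k):
    """Rank in the candidate list of the target's top_k passwords (None if absent)."""
    pos = {pw: i + 1 for i, pw in enumerate(candidate_ranked)}
    return [(pw, pos.get(pw)) for pw in ranked(target_counts)[:top_k]]

# Constructed sample data: password -> number of accounts using it.
SOURCE = Counter({"123456": 50, "password": 30, "iloveyou": 20,
                  "princess": 10, "rockyou": 8, "abc123": 5})
TARGET = Counter({"phpbb": 9, "123456": 7, "password": 6,
                  "abc123": 2, "letmein": 1})

def main():
    src = ranked(SOURCE)
    total_unique, total_accounts = len(TARGET), sum(TARGET.values())
    print(f"{'Top_N':>6} {'Unique':>7} {'Accounts':>9} {'Acct_%':>7}")
    for n, unique, accounts in coverage(src, TARGET, (1, 2, 6)):
        pct = 100.0 * accounts / total_accounts
        print(f"{n:>6} {unique:>4}/{total_unique} {accounts:>9} {pct:>6.1f}%")
    # A site-specific password ("phpbb" here) can top the target list
    # while being absent from the candidate list altogether.
    for pw, rank in source_ranks(src, TARGET, 4):
        print(f"{pw:<10} candidate rank: {rank}")

if __name__ == "__main__":
    main()
```

Running the same functions over a list such as passwords.lst in place of the ranked source gives the column David asks for.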