
The [capital, number, special] scheme reminds me of the passwords at my uni. Everyone got a plaintext-stored (you could recover and get the pw back, I doubt there was any encryption) 7-digit (yes digit, not alphanumeric) password for your account. After a while these were "upgraded" to 8 and must contain a letter. So the number of [7 digits]+a passwords was massive. They then upgraded to "must contain a lower and upper case" and you got [7 digits]+a+A passwords, after which a special character must be included and the [7 digit]+a+A+! was born...

Security is no issue if you don't care. They did abolish unhashed storage after a while (and a while is really quite recent).



Ha, pretty much exactly this stand-up bit: https://youtu.be/aHaBH4LqGsI?si=Zs2IvRUqtIrn9KH8 .


Good god I loathe that disgusting slime of a man. Even worse than James Corden, and that's saying something.


Reminds me of default passwords on wifi routers a decade ago - ATT especially had a very identifiable SSID format (ATT###), and a default 10-digit password. That leaves you with (9,999,999,999 + 1 =) 10 billion[1] passwords possible, which even at that time only took a couple hours to test all of them. That SSID pattern also left you with only 1,000 possible SSIDs, so a rainbow table was definitely reasonable.

[1] - though now that I think about it, that might not properly cover the case of leading zeroes in the password, so the total number of possible passwords might be larger than 10B; that's assuming a naïve password list generated just from numbers, not from treating the digits as characters, so I need to reason about this a bit more...


It's O(10 billion), so your intuition is good regardless :) passwords with ten digits: 10x10x... = 10^10 = 10 billion, passwords with nine digits = 10^9, etc. etc. down to 11,111,111,110 (I don't think we should count the empty password). The full-length password dominates the size of the keyspace so much that you more or less get truncations for free.


Eh, that's still better than my days at Uni where my student ID was my Social Security Number and grades were posted outside the classroom as a sheet with everyone's SSN and their scores.



