Top secrets password

You must have heard the news that Sony PlayStation Network has been hacked by the group LulzSec. They've hacked Sony, PBS, Fox and many others. They posted almost all, if not all, of the Sony users' information, including their passwords.

Here's a list of the most often used passwords:

  123456
  password
  111111
  12345678
  qwerty
  123456789
  123123
  qwertyui
  letmein
  abc123
  dvcfghyt
  000000
  1234567
  1234567890

Recognize any of your passwords?

  • 36% of the passwords are common words/names
  • 50% of passwords are 7 characters or less
  • 82% of passwords are lowercase alphanumeric (letters/numbers) of 9 characters or less
  • 99% of passwords don't contain a single non-alphanumeric character such as , . or ^&*()

In case you feel smug because you have a “good” password, “they” now use cheap video graphics cards with some widely available software to crack passwords in seconds and minutes, a job that used to be the territory of an NSA supercomputer [1].

So it's time to update/change your password. Use pwgen to generate “real” passwords for you: http://pwgen.sourceforge.net/ and http://pwgen-win.sourceforge.net/. Replace your passwords on a regular basis, every 2 to 3 months.

What's that got to do with me, you ask? Plenty. Thousands and thousands of photographers have lost their WordPress websites because of bad passwords. How many photographers were part of the Sony PlayStation Network? [2]


  1. Take a cheap GPU (like the Radeon HD 5770) and the free GPU-powered password busting tool called 'ighashgpu' and you have yourself a lean, mean password busting machine. How lean and mean? Working against NTLM login passwords, a password of 'fjR8n' can be broken on the CPU in 24 seconds, at a rate of 9.8 million password guesses per second. On the GPU, it takes less than a second at a rate of 3.3 billion passwords per second. Increase the password to 6 characters (pYDbL6), and the CPU takes 1 hour 30 minutes versus only four seconds on the GPU. Go further to 7 characters (fh0GH5h), and the CPU would grind along for 4 days, versus a frankly worrying 17 minutes 30 seconds for the GPU.

  2. Not that it would have helped in this case: the problem was with Sony getting hacked and keeping all the user information and the passwords in the clear.
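
To check your own password against the numbers above, here is a small audit script (an added example, not part of the original post). It uses the common-password list from this page and the CPU/GPU guess rates quoted in footnote 1; the character-pool sizes and the one-year "weak" threshold are assumptions made for illustration.

```python
import string

# Guess rates quoted in footnote 1 (NTLM hashes, guesses per second).
CPU_RATE = 9.8e6
GPU_RATE = 3.3e9
WEAK_BELOW = 365 * 24 * 3600  # assumption: under one year of GPU time is "weak"

# The most-used passwords listed on this page.
COMMON = {"123456", "password", "111111", "12345678", "qwerty", "123456789",
          "123123", "qwertyui", "letmein", "abc123", "dvcfghyt", "000000",
          "1234567", "1234567890"}

def pool_size(password):
    """Size of the smallest character pool a brute-force search must cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    # Assumption: anything else counts as the 33 ASCII symbols (incl. space).
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += 33
    return size

def audit(password, rate=GPU_RATE):
    """Return (verdict, worst-case seconds to try every password of this
    length and character pool). Models exhaustive search only: a long
    dictionary word scores better here than it deserves."""
    if password.lower() in COMMON:
        return "common", 0.0  # a wordlist finds it before brute force starts
    seconds = pool_size(password) ** len(password) / rate
    return ("weak" if seconds < WEAK_BELOW else "ok"), seconds

def humanize(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, span in (("years", 31536000), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    # Sample passwords: three from this page plus one constructed 16-char value.
    for pw in ("letmein", "fjR8n", "fh0GH5h", "Xk3mQ9vT2bLw8RzN"):
        verdict, secs = audit(pw)
        print(f"{pw!r:20} {verdict:7} GPU worst case: {humanize(secs)}")
```

The worst-case figures for the 6- and 7-character samples land close to the times quoted in footnote 1, which implies those times assume a 62-character (mixed-case letters plus digits) search.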