Submitted via IRC for TheMightyBuzzard
CynoSure Prime, a "password research collective", has reversed the hashes of nearly 320 million hashed passwords provided by security researcher Troy Hunt through the Pwned Passwords searchable online database.
Their effort, pulled off with the help of two other researchers, revealed many things:
- Interesting statistics regarding these real world passwords exposed in data breaches,
- The fact that this database also contains some 2.5 million email addresses and 230,000 email/password combinations (Hunt intends to purge that data from the database), and
- Some bugs in the Hashcat password recovery tool.
"The longest password we found was 400 characters, while the shortest was only 3 characters long. About 0.06% of passwords were 50 characters or longer with 96.67% of passwords being 16 characters or less," the collective shared.
"Roughly 87.3% of passwords fall into the character set of LowerNum 47.5%, LowerCase 24.75%, Num 8.15%, and MixedNum 6.89% respectively. In addition we saw UTF-8 encoded passwords along with passes containing control characters."
Source: https://www.helpnetsecurity.com/2017/09/05/researchers-reverse-320-million-hashed-passwords/
(Score: 2) by Pino P on Wednesday September 06 2017, @04:14PM
Yes. "The cloud" most commonly means someone else's farm of identical servers offered for lease on short notice and for short durations. Some people fear "the cloud" because application service providers have co-opted the term [gnu.org]. But in practice, the suitability of leasing such a server for a particular project depends on three things:
A generic VPS (such as Amazon EC2) or a generic NAS (such as Amazon S3) differs greatly in points 2 and 3 from a more specialized application service provider.