Remove my password from lists so hackers won't be able to hack me #155

Closed

assafnativ

No description provided.

@@ -344,7 +344,6 @@ blue
liverpool
theman
bandit
dolphins
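
Review bot: the header `@@ -344,7 +344,6 @@` removes one entry and adds none, and the pull request carries no description giving a reason for it. Deleting a line from a published wordlist does not withdraw the value, since it remains in the repository history and in every copy already cloned. Suggest declining, or stating in the description why the entry does not belong in the list if that is the claim.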

@mitcom mitcom Dec 21, 2017

@assafnativ please remember to update the filename. 10_million_password_list_top_1000.txt is not accurate right now, actually there are only 999 passwords

dolphins-save

I think it should be renamed to 10_million_password_list_top_1000_except_dolphins.txt

Greetings from dev null)0

Golden

Also any sites tested against the revised list should include some kind of logo to confirm that Dolphin is now allowed as a safe password. Might I suggest: http://savedolphins.eii.org/files/dsf/Dolphin_Safe.png

@liuzhiyuan1993 Oh, I see, thanks ଲଇଉକ

There is an idiom in China, "此地無銀三百兩", which means telling your secret yourself.
For security, you had better close the issue and fully delete it if possible.

To add on to the translation of the idiom, that phrase literally means writing a sign that says "I did NOT bury 300 grand in this spot"

@JohnLBevan

> Might I suggest: http://savedolphins.eii.org/files/dsf/Dolphin_Safe.png

I think they can safely merge it. The issue is dolphin-proof now. 😄

The dolphins have communicated to us members of the Fourth International Posadist that they sign off on this request, as exposing them before their plan reaches completion could jeopardize the workers of the world. :shipit: 🐋

@mikield

mikield commented Dec 21, 2017

This is a security hole. This pull request should be accepted as soon as possible.

@rooterkyberian

I'm also affected by this, please merge ASAP

@mitcom

mitcom commented Dec 21, 2017

@assafnativ @rooterkyberian could you provide any testing data like service addresses and logins so we could check and test to estimate the real impact of this change?

@ksx4system

ROTFLMAO!

@Wingless-Archangel

Wingless-Archangel commented Dec 21, 2017 via email

@Fake51

Fake51 commented Dec 21, 2017

@mitcom you mean, like the publicly available email address and blog address on his github page?

@WielkiZielonyMelon

@assafnativ They see me trollin, they hatin...

@denzuko
Contributor

denzuko commented Dec 21, 2017

I think it goes without saying:

Trololololo

@quantuminformation

4 random words are really easier than the gibberish?

@dmytrokyrychuk dmytrokyrychuk left a comment

Looks good 👍

@FernandoMiguel

@KyrychukD wtf

@wifiuk

wifiuk commented Dec 21, 2017

Can you please add my password
dolphins

To this list so I can test it against insecure services..

@mitcom

mitcom commented Dec 21, 2017

If anybody here is affected too, I can suggest temporarily changing the password to one from https://mostsecure.pw/

@wifiuk

wifiuk commented Dec 21, 2017

Is dolphin1 on the list. ;) That's secure as it has a 1

@atastycookie

Dolphin1!

@wifiuk

wifiuk commented Dec 21, 2017

Ah good idea, hackers will never try that..

@chipironcin

Same here.
Steps to reproduce:

  1. Go to https://accounts.google.com/ServiceLogin
  2. Username: chipironcin@gmail.com Password: dolphins
  3. ????
  4. Profit

@dsuurlant

Is my password hunter2 safe

@apetresc

@dsuurlant I just see *******

@Kumar-Kishan

is my password thisissparta safe????????

@espadrine

> is my password thisissparta safe????????

Absolutely, if changed!

@miguemely

miguemely commented Dec 21, 2017 via email

@JayKey

JayKey commented Dec 21, 2017 via email

@equero

equero commented Dec 21, 2017

nice, my 122112 password still alive...

@rbnpercy

At least I know Alligator1 will never be guessed.

@nebril nebril left a comment

Can confirm, is safe.

@0xmohit

0xmohit commented Dec 21, 2017

@assafnativ, you had the same password as mine?

@mitcom

mitcom commented Dec 21, 2017

> @assafnativ, you had the same password as mine?

@0xmohit not anymore, I've just changed yours

@ColdGrub1384

Hahahhahaha pure genius

@nzec

nzec commented Feb 26, 2018

If there are so many approvals, why isn't this merged yet?

@jens1o

jens1o commented Feb 26, 2018

I hoped that this pull request would die at some point, but there's still something going on (even after two(!) months)...

@elijahcruz12

@jens1o of course it is, it was unexpected and pretty funny. Even with all these approved, there is of course no merge, even though @assafnativ probably wants a merge.

@0E800

0E800 commented Feb 27, 2018

Thread muted. (didn't know it was an option till now)
Give it a rest.

@domino14

is annoyed about all the comment spam
generates another piece of spam complaining about the spam

@Ekultek

Ekultek commented Feb 27, 2018 via email

@SharpOB

SharpOB commented Feb 27, 2018

S P A M
P
A
M

@shtukas

shtukas commented Feb 28, 2018

Jeez! For technologists we are not very good at this internet thing, are we?

The correct way to use a thread like this is to participate in it and then mute it.

This lets the early participants, who eventually get tired of subsequent updates, avoid being spammed [1], while allowing the genuine new people discovering this to be a part of it and to experience it with the same amusement as we all, old timers, did.

Easy.

[1] I personally don't feel that, I will never mute this as I love it! And as far as my inbox is concerned I discovered my email client's delete button a long time ago, but I understand that's not the case for everybody.

@elijahcruz12

elijahcruz12 commented Feb 28, 2018

I've been watching this since the first week and commenting on it since, I didn't mute it because it is still a great issue. If you really care that much, you can just read this to get rid of the notifications since you clearly do not know how to.

@danielmiessler
Owner

👍 Although removal of this password would make you, and many marine biologists, more secure, we're going to have to decline at this time.

: )

Best thread ever.

@nzec

nzec commented Mar 5, 2018

It finally died!

Good Job everyone!

@assafnativ
Author

That was fun :)

@jonschlinkert

My password is *****************, why does it keep showing up in every single application I use?

philnash pushed a commit to philnash/pwned that referenced this pull request Mar 12, 2018
* Performance: read the response dump line by line instead of loading the whole thing in memory

The response from the service will grow over time. There is no way to get passwords [unpwned](danielmiessler/SecLists#155), so we can safely assume the list will keep growing, adding more and more new hashes. One day it will grow large enough to start taking down servers, when users "DDoS" applications with known "big" pwned password hash prefixes.

This PR switches from "load everything to memory and find our hash" to "fetch data in chunks, and process line by line".

* Remove regular expressions usage in favour of start_with?

In Ruby `start_with?` is heavily optimized compared to regular expressions (more than 2 times faster). This PR replaces regular expressions with `start_with?`

```
 13.103359   0.734251  13.837610 ( 14.620959)
 13.238428   0.742140  13.980568 ( 14.506166)
 12.836573   0.729563  13.566136 ( 14.191792)
 12.408245   0.642944  13.051189 ( 13.333299)
```
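
The line-by-line scan with `start_with?` that this commit message describes, as an added Ruby example that is not code from the referenced commit or the pwned project. It assumes the service returns one `SUFFIX:COUNT` line per hash sharing the queried 5-character SHA-1 prefix; the helper names, filler lines and counts are constructed for illustration.

```ruby
require "digest"
require "stringio"

# Split a password's SHA-1 into the 5-character prefix sent to the service
# and the 35-character suffix that is only ever compared locally.
def sha1_parts(password)
  digest = Digest::SHA1.hexdigest(password).upcase
  [digest[0, 5], digest[5..-1]]
end

# Scan a response body one line at a time and return the count recorded for
# `suffix`, or 0 when it is absent. Only the current line is held in memory,
# and reading stops at the first match, so a large response costs no more
# than the lines that precede the hit.
def pwned_count(io, suffix)
  io.each_line do |line|
    next unless line.start_with?(suffix)
    # Require the ':' separator so a longer hex run cannot match by accident.
    next unless line[suffix.length] == ":"
    # to_i ignores the trailing CRLF.
    return line[(suffix.length + 1)..-1].to_i
  end
  0
end

# Constructed response body (assumed format): two filler suffixes around
# the suffix under test, CRLF-terminated.
def sample_response(suffix, count)
  filler_a = "0" * 35
  filler_b = "F" * 35
  StringIO.new("#{filler_a}:3\r\n#{suffix}:#{count}\r\n#{filler_b}:1\r\n")
end

if __FILE__ == $PROGRAM_NAME
  _prefix, suffix = sha1_parts("dolphins")
  puts pwned_count(sample_response(suffix, 1234), suffix)
end
```
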
@fgRuslan

Do you know how Git works?

@voidnull000

voidnull000 commented Apr 8, 2018

Oh man, this was just hilarious to scroll through. Especially since I was scrolling FAST.

Meanwhile...

EDIT: But still, what if someone uses their ******** in the middle of a sentence?

@jamesjenner

So long and thanks for all the fish.

@jens1o

jens1o commented Sep 5, 2018

stop making new notifications, this page takes ages to load lol

@tdrama

tdrama commented Sep 5, 2018 via email

@tdrama

tdrama commented Sep 5, 2018 via email

@Flowy

Flowy commented Sep 5, 2018

Thank you, I almost forgot about this.

@domino14

domino14 commented Sep 5, 2018 via email

@Htarlov

Htarlov commented Sep 5, 2018

I heard about magic button called "unsubscribe".
You click that and kaboom, no more notifications.
But maybe it's just some old rumor.

Repository owner locked as resolved and limited conversation to collaborators Sep 5, 2018