Remove my password from lists so hackers won't be able to hack me #155

Closed

@assafnativ assafnativ commented Dec 21, 2017

No description provided.

@@ -344,7 +344,6 @@ blue
liverpool
theman
bandit
dolphins
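
Review bot: the header `@@ -344,7 +344,6 @@` drops one entry near line 344, but the PR gives no description of why, and the value stays readable in this diff, so removing it from the file does not take it out of circulation. If the entry is dropped anyway, a file named 10_million_password_list_top_1000.txt no longer holds 1000 entries; rename the file or add the next-ranked entry in the same change so the count still matches the name.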

mitcom Dec 21, 2017

@assafnativ please remember to update the filename. 10_million_password_list_top_1000.txt is not accurate right now, actually there are only 999 passwords

dolphins-save

D3X Dec 21, 2017

I think it should be renamed to 10_million_password_list_top_1000_except_dolphins.txt

mrcolts Dec 22, 2017

Greetings from dev null :)

masterrr Dec 22, 2017

Golden

JohnLBevan Dec 26, 2017

Also any sites tested against the revised list should include some kind of logo to confirm that Dolphin is now allowed as a safe password. Might I suggest: http://savedolphins.eii.org/files/dsf/Dolphin_Safe.png

DavidYoung93 Jan 2, 2018

@liuzhiyuan1993 Oh, okay, thanks ଲଇଉକ

yangzhaofeng Jan 3, 2018

There is an idiom in China, "此地無銀三百兩", which means telling your secret yourself.
For security, you had better close the issue and fully delete it if possible.

lirao Jan 5, 2018

To add on to the translation of the idiom, that phrase literally means writing a sign that says "I did NOT bury 300 grand in this spot"

hinell Jan 14, 2018

@JohnLBevan

Might I suggest: http://savedolphins.eii.org/files/dsf/Dolphin_Safe.png

I think they can safely merge it. The issue is dolphin-proof now. 😄

jasonmp85 Feb 22, 2018

The dolphins have communicated to us members of the Fourth International Posadist that they sign off on this request, as exposing them before their plan reaches completion could jeopardize the workers of the world. :shipit: 🐋

@mikield mikield commented Dec 21, 2017

This is a security hole. This pull request should be accepted as soon as possible.

@rooterkyberian rooterkyberian commented Dec 21, 2017

I'm also affected by this, please merge ASAP

@mitcom mitcom commented Dec 21, 2017

@assafnativ @rooterkyberian could you provide any testing data like service addresses and logins so we could check and test to estimate the real impact of this change?

@ksx4system ksx4system commented Dec 21, 2017

ROTFLMAO!

@Wingless-Archangel Wingless-Archangel commented Dec 21, 2017

@Fake51 Fake51 commented Dec 21, 2017

@mitcom you mean, like the publicly available email address and blog address on his github page?

@WielkiZielonyMelon WielkiZielonyMelon commented Dec 21, 2017

@assafnativ They see me trollin, they hatin...

Contributor

@denzuko denzuko commented Dec 21, 2017

I think it goes without saying:

Trololololo

@quantuminformation quantuminformation commented Dec 21, 2017

4 random words are really easier than the gibberish?

@dmytrokyrychuk dmytrokyrychuk left a comment

Looks good 👍

@FernandoMiguel FernandoMiguel commented Dec 21, 2017

@KyrychukD wtf

@wifiuk wifiuk commented Dec 21, 2017

Can you please add my password
dolphins

To this list so I can test it against insecure services..

@mitcom mitcom commented Dec 21, 2017

If anybody here is affected too, I can suggest temporarily changing the password to one from https://mostsecure.pw/

@wifiuk wifiuk commented Dec 21, 2017

Is dolphin1 on the list. ;) That's secure as it has a 1

@atastycookie atastycookie commented Dec 21, 2017

Dolphin1!

@wifiuk wifiuk commented Dec 21, 2017

Ah good idea, hackers will never try that..

@chipironcin chipironcin commented Dec 21, 2017

Same here.
Steps to reproduce:

  1. Go to https://accounts.google.com/ServiceLogin
  2. Username: chipironcin@gmail.com Password: dolphins
  3. ????
  4. Profit

@dsuurlant dsuurlant commented Dec 21, 2017

Is my password hunter2 safe

@apetresc apetresc commented Dec 21, 2017

@dsuurlant I just see *******

@Kumar-Kishan Kumar-Kishan commented Dec 21, 2017

is my password thisissparta safe????????

@espadrine espadrine commented Dec 21, 2017

is my password thisissparta safe????????

Absolutely, if changed!

@miguemely miguemely commented Dec 21, 2017

@JayKey JayKey commented Dec 21, 2017

@equero equero commented Dec 21, 2017

nice, my 122112 password still alive...

@rbnpercy rbnpercy commented Dec 21, 2017

At least I know Alligator1 will never be guessed.

nebril approved these changes Dec 21, 2017

@nebril nebril left a comment

Can confirm, is safe.

@0xmohit 0xmohit commented Dec 21, 2017

@assafnativ, you had the same password as mine?

@mitcom mitcom commented Dec 21, 2017

@assafnativ, you had the same password as mine?

@0xmohit not anymore, I've just changed yours

@ColdGrub1384 ColdGrub1384 commented Feb 26, 2018

Hahahhahaha pure genius

@nzec nzec commented Feb 26, 2018

If there are so many approvals, why isn't this merged yet?

@jens1o jens1o commented Feb 26, 2018

I hoped that this pull request would die at some point, but there's still something going on (even after two(!) months)...

@elijahcruz12 elijahcruz12 commented Feb 27, 2018

@jens1o of course it is, it was unexpected and pretty funny. Even with all these approved, there is of course no merge, even though @assafnativ probably wants a merge.

@0E800 0E800 commented Feb 27, 2018

Thread muted. (didn't know it was an option till now)
Give it a rest.

@domino14 domino14 commented Feb 27, 2018

is annoyed about all the comment spam
generates another piece of spam complaining about the spam

@Ekultek Ekultek commented Feb 27, 2018

@SharpOB SharpOB commented Feb 27, 2018

S P A M
P
A
M

@shtukas shtukas commented Feb 28, 2018

Jeez! For technologists we are not very good at this internet thing, are we?

The correct way to use a thread like this, is to participate to it and then mute it.

This lets the early participants, who eventually get tired of subsequent updates, not be spammed [1], while allowing the genuine new people discovering this to be a part of it and to experience it with the same amusement as we all, old timers, did.

Easy.

[1] I personally don't feel that, I will never mute this as I love it! And as far as my inbox is concerned I discovered my email client's delete button a long time ago, but I understand that's not the case of everybody.

@elijahcruz12 elijahcruz12 commented Feb 28, 2018

I've been watching this since the first week and commenting on it since, I didn't mute it because it is still a great issue. If you really care that much, you can just read this to get rid of the notifications since you clearly do not know how to.

Owner

@danielmiessler danielmiessler commented Mar 4, 2018

👍 Although removal of this password would make you, and many marine biologists, more secure, we're going to have to decline at this time.

: )

Best thread ever.

@nzec nzec commented Mar 5, 2018

It finally died!

Good Job everyone!

Author

@assafnativ assafnativ commented Mar 5, 2018

That was fun :)

@jonschlinkert jonschlinkert commented Mar 9, 2018

My password is *****************, why does it keep showing up in every single application I use?

philnash added a commit to philnash/pwned that referenced this pull request Mar 12, 2018
* Performance: read the response dump line by line instead of loading the whole thing in memory

The response from the service will grow over time. There is no way to get passwords [unpwned](danielmiessler/SecLists#155), so we can safely assume the list will keep growing, adding more and more new hashes. One day it will grow large enough to start taking down servers, when users "DDoS" applications with known "big" pwned password hash prefixes.

This PR switches from "load everything to memory and find our hash" to "fetch data in chunks, and process line by line".

* Remove regular expressions usage in favour of start_with?

In Ruby `start_with?` is heavily optimized compared to regular expressions (more than 2 times faster). This PR replaces regular expressions with `start_with?`

```
 13.103359   0.734251  13.837610 ( 14.620959)
 13.238428   0.742140  13.980568 ( 14.506166)
 12.836573   0.729563  13.566136 ( 14.191792)
 12.408245   0.642944  13.051189 ( 13.333299)
```
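
The line-by-line scan with `start_with?` that the commit message above describes, as an added Ruby example (not code from philnash/pwned or from anyone in this thread). It assumes the service answers a 5-character SHA-1 prefix with `SUFFIX:COUNT` lines; the helper names, the sample response and its counts are constructed.

```ruby
require 'digest/sha1'
require 'stringio'

# Split a password's SHA-1 into the 5-character prefix that is sent to the
# service and the 35-character suffix that is only ever compared locally.
def split_hash(password)
  hex = Digest::SHA1.hexdigest(password).upcase
  [hex[0, 5], hex[5..-1]]
end

# Scan a range response one line at a time. `io` is anything that responds
# to each_line (a streamed body, a file, a StringIO), so the whole response
# never has to sit in memory. Returns the breach count, or 0 if absent.
def pwned_count(io, suffix)
  io.each_line do |line|
    # Cheap prefix test first; most lines are rejected here.
    next unless line.start_with?(suffix)
    # Require ":" directly after the suffix and a purely numeric count, so
    # a longer or malformed line cannot be taken for a hit.
    head, sep, count = line[suffix.length..-1].strip.partition(':')
    return count.to_i if head.empty? && sep == ':' && count.match?(/\A\d+\z/)
  end
  0
end

# Constructed sample response (CRLF-separated, counts made up) that
# contains the given suffix between two unrelated entries.
def sample_response(suffix)
  StringIO.new([
    '0018A45C4D1DEF81644B54AB7F969B88D65:1',
    "#{suffix}:42",
    '011053FD0102E94D6AE2F8B83D76FAF94F6:1'
  ].join("\r\n"))
end

if __FILE__ == $PROGRAM_NAME
  prefix, suffix = split_hash('dolphins')
  puts "would query prefix #{prefix}"
  puts "count in sample response: #{pwned_count(sample_response(suffix), suffix)}"
end
```
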

@fgRuslan fgRuslan commented Mar 29, 2018

Do you know how Git works?

@adamc295 adamc295 commented Apr 8, 2018

Oh man, this was just hilarious to scroll through. Especially since I was scrolling FAST.

Meanwhile...

EDIT: But still, what if someone uses their ******** in the middle of a sentence?

@jamesjenner jamesjenner commented Sep 5, 2018

So long and thanks for all the fish.

@jens1o jens1o commented Sep 5, 2018

stop making new notifications, this page takes ages to load lol

@tdrama tdrama commented Sep 5, 2018

@tdrama tdrama commented Sep 5, 2018

@Flowy Flowy commented Sep 5, 2018

Thank you, I almost forgot about this.

@domino14 domino14 commented Sep 5, 2018

@Htarlov Htarlov commented Sep 5, 2018

I heard about magic button called "unsubscribe".
You click that and kaboom, no more notifications.
But maybe it's just some old rumor.

Repository owner locked as resolved and limited conversation to collaborators Sep 5, 2018