Remove my password from lists so hackers won't be able to hack me #155
Conversation
| @@ -344,7 +344,6 @@ blue | |||
| liverpool | |||
| theman | |||
| bandit | |||
| dolphins | |||
There was a problem hiding this comment.
@assafnativ please remember to update the filename. 10_million_password_list_top_1000.txt is not accurate right now, actually there are only 999 passwords
There was a problem hiding this comment.
I think it should be renamed to 10_million_password_list_top_1000_except_dolphins.txt
There was a problem hiding this comment.
Also any sites tested against the revised list should include some kind of logo to confirm that Dolphin is now allowed as a safe password. Might I suggest: http://savedolphins.eii.org/files/dsf/Dolphin_Safe.png
There was a problem hiding this comment.
There is a idiom in China, "此地無銀三百兩", which means telling your secret yourself.
For security, you had better close the issue and fully delete it if possible.
There was a problem hiding this comment.
To add on to the translation of the idiom, that phrase literally means writing a sign that says "I did NOT bury 300 grand in this spot"
There was a problem hiding this comment.
Might I suggest: http://savedolphins.eii.org/files/dsf/Dolphin_Safe.png
I thinks they can safely merge it. The issue is the dolphin-proof now. 😄
There was a problem hiding this comment.
The dolphins have communicated to us members of the Fourth International Posadist that they sign off on this request, as exposing them before their plan reaches completion could jeopardize the workers of the world. 
🐋
|
This is a security hole. This pull request should be accepted as soon as possible. |
|
I'm also affected by this, please merge ASAP |
|
@assafnativ @rooterkyberian could you provide any testing data like service addresses and logins so we could check and test to estimate the real impact of this change? |
|
ROTFLMAO! |
|
What the.....i don’t think this will solve the issue
…On Thu, 21 Dec 2017 at 19:33, Krzysztof Staniorowski < ***@***.***> wrote:
ROTFLMAO!
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#155 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADo_cTu0FfmnSQSxs34YcAbHMKk11h4vks5tClAygaJpZM4RJt0h>
.
|
|
@mitcom you mean, like the publicly available email address and blog address on his github page? |
|
@assafnativ They see me trollin, they hatin... |
|
I think it goes with out saying: |
|
4 random words are really easier than the gibberish? |
|
@KyrychukD wtf |
|
Can you please add my password To this list so I can test it against insecure services.. |
|
If anybody here is affected too I can suggest temporally change the password to one from https://mostsecure.pw/ |
|
Is dolphin1 on the list. ;) That's secure as it has a 1 |
|
Dolphin1! |
|
Ah good idea, hackers will never try that.. |
|
Same here.
|
|
Is my password hunter2 safe |
|
@dsuurlant I just see ******* |
|
is my password thisissparta safe???????? |
Absolutely, if changed! |
|
This is gold.
…Sent from my iPhone
On Dec 21, 2017, at 10:39 AM, Kishan Kumar ***@***.***> wrote:
is my password thisissparta safe????????
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
Change it to dolphins, dolphins is safe now
21.12.2017 16:42 "Thaddée Tyl" <notifications@github.com> napisał(a):
… is my password thisissparta safe????????
Absolutely, if changed!
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#155 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ACgiM34NXJyW-4C4DTitmf0OrwdXCd9Mks5tCnxqgaJpZM4RJt0h>
.
|
|
nice, my 122112 password still alive... |
|
At least I know Alligator1 will never be guessed. |
|
@assafnativ, you had the same password as mine? |
@0xmohit not anymore, I've just change yours |
|
Hahahhahaha pure genius |
|
If there are so many approvals, why isn't this merged yet? |
|
I hoped that this pull request would die at some point, but there's still something going on(even after two(!) months)... |
|
@jens1o of course it is, it was unexpected and pretty funny. Even with all these approved, there is of course no merge, even though @assafnativ probably wants a merge. |
|
Thread muted. (didn't know it was an option till now) |
|
|
Spam
… On Feb 27, 2018, at 3:56 PM, César Del Solar ***@***.***> wrote:
is annoyed about all the comment spam
generates another piece of spam complaining about the spam
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
S P A M |
|
Jezz ! For technologists we are not very good at this internet thing, are we ? The correct way to use a thread like this, is to participate to it and then mute it. This let the early participants, who eventually get tired of subsequent updates, not to be spammed [1], while allowing the genuine new people discovering this to be a part of it and to experience it with the same amusement as we all, old timers, did. Easy. [1] I personally don't feel that, I will never mute this as I love it! And as far as my inbox is concerned I discovered my email client's delete button a long time ago, but I understand that's not the case of everybody. |
|
I've been watching this since the first week and commenting on it since, I didn't mute it because it is still a great issue. If you really care that much, you can just read this to get rid of the notifications since you clearly do not know how to. |
|
👍 Although removal of this password would make you, and many marine biologists, more secure, we're going to have to decline at this time. : ) Best thread ever. |
|
It finally died! Good Job everyone! |
|
That was fun :) |
|
My password is |
* Performance: read the response dump line by line instead of loading the whole thing in memory The response from the service will grow over time. There is no way to get passwords [unpwned](danielmiessler/SecLists#155), so we can safely assume the list will keep growing, adding more an more new hashes. One day it will grow large enough to start taking down servers, when users "DDoS" applications with known "big" pwned password hash prefixes. This PR switches from "load everything to memory and find our hash" to "fetch data in chunks, and process line by line". * Remove regular expressions usage in favour of start_with? In Ruby `start_with?` is heavily optimized compared to regular expressions (more than 2 times faster). This PR replaces regular expressions with `start_with?` ``` 13.103359 0.734251 13.837610 ( 14.620959) 13.238428 0.742140 13.980568 ( 14.506166) 12.836573 0.729563 13.566136 ( 14.191792) 12.408245 0.642944 13.051189 ( 13.333299) ```
|
Do you know how does Git work? |
|
Oh man, this was just hilarious to scroll through. Especially since I was scrolling FAST. EDIT: But still, what if someone uses their ******** in the middle of a sentence? |
|
|
stop making new notifications, this page takes ages to load lol |
|
Thanks friend ... I will be glad to know you too well Mr.. Please can
you contact Me on what's app or any other social platform.. Am a noob
.. And I will be merry to gain from you...
…On Wed, Sep 5, 2018, 08:30 Jens Hausdorf ***@***.***> wrote:
stop making new notifications, this pages takes ages to load lol
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#155 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AhMBZWnRolxVID49T8yy6eDlC2ZEe4ijks5uX32zgaJpZM4RJt0h>
.
|
|
Thanks for notify me also
…On Wed, Sep 5, 2018, 08:30 Jens Hausdorf ***@***.***> wrote:
stop making new notifications, this pages takes ages to load lol
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#155 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AhMBZWnRolxVID49T8yy6eDlC2ZEe4ijks5uX32zgaJpZM4RJt0h>
.
|
|
Thank you, I almost forgot about this. |
|
pls bobs
…On Wed, Sep 5, 2018 at 6:12 AM Flowy ***@***.***> wrote:
Thank you, I almost forgot about this.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#155 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAjuZuz6PpkXqS-dmKObe_I-vNB7to1gks5uX6OUgaJpZM4RJt0h>
.
|
|
I heard about magic button called "unsubscribe". |
No description provided.