Nmap Development mailing list archives
Re: [BULK] Re: Replacing passwords.lst
From: Ron <ron () skullsecurity net>
Date: Wed, 17 Mar 2010 09:33:12 -0500
On Wed, 17 Mar 2010 09:22:23 -0500 "Norris Carden" <ncarden () ascendfcu org> wrote:
Why not weight each password as a percentage of each list? If "password" is (just pulling numbers out of a hat) 7% of the RockYou list and 5% of another list, then an average of 6% across the two lists should be handling things pretty evenly. Of course dump the obviously biased "rockyou" as a password, but not necessarily from the count total for figuring the percentage.
I think the best algorithm to weight passwords would automatically exclude passwords like 'rockyou' and 'phpbb' as statistical anomalies (or, at least, weight them low enough that they are effectively excluded). That way, we'll catch other outliers at the same time that might be less obvious. -- Ron Bowes http://www.skullsecurity.org http://www.twitter.com/iagox86 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Replacing passwords.lst, (continued)
- Re: Replacing passwords.lst Martin Holst Swende (Mar 06)
- Re: Replacing passwords.lst David Fifield (Mar 12)
- Re: Replacing passwords.lst Fyodor (Mar 12)
- Re: Replacing passwords.lst David Fifield (Mar 16)
- Re: Replacing passwords.lst Brandon Enright (Mar 16)
- Re: Replacing passwords.lst David Fifield (Mar 16)
- Re: Replacing passwords.lst Brandon Enright (Mar 16)
- Re: Replacing passwords.lst Fyodor (Mar 16)
- Re: Replacing passwords.lst Ron (Mar 17)
- RE: [BULK] Re: Replacing passwords.lst Norris Carden (Mar 17)
- Re: [BULK] Re: Replacing passwords.lst Ron (Mar 17)
- Re: Replacing passwords.lst Ron (Mar 16)
- Re: Replacing passwords.lst Fyodor (Mar 16)
- Re: Replacing passwords.lst Fyodor (Mar 16)