undefined | Better HN

0 pointsanonym294mo ago0 comments

Attackers don't come up with every entry on the wordlist they throw into hashcat themselves. The attacker's imagination has essentially zero correlation with the contents of their wordlist.

0 comments

arcfour4mo ago

Okay. How many major wordlists include emojis?

Maybe...like...a dozen entries at most across all of them?

anonym29OP4mo ago

Rest assured, the world's intelligence agencies and cybercrime rings aren't just taking vanilla open source wordlists off github and hoping they get lucky.

You don't know what your adversary's wordlist contains, and assuming you do is a recipe for overconfidence.

arcfour4mo ago

Yes, "if your enemy is state sponsored attackers" you shouldn't do many things, like use bcrypt incorrectly, or really passwords almost at all. That's obviously not what I'm saying.

1 more reply

j / k navigate · click thread line to collapse

0 pointsanonym294mo ago0 comments

Attackers don't come up with every entry on the wordlist they throw into hashcat themselves. The attacker's imagination has essentially zero correlation with the contents of their wordlist.

0 comments

arcfour4mo ago

Okay. How many major wordlists include emojis?

Maybe...like...a dozen entries at most across all of them?

anonym29OP4mo ago

Rest assured, the world's intelligence agencies and cybercrime rings aren't just taking vanilla open source wordlists off github and hoping they get lucky.

You don't know what your adversary's wordlist contains, and assuming you do is a recipe for overconfidence.

arcfour4mo ago

Yes, "if your enemy is state sponsored attackers" you shouldn't do many things, like use bcrypt incorrectly, or really passwords almost at all. That's obviously not what I'm saying.

1 more reply

j / k navigate · click thread line to collapse