information update regarding common password suffixes

2025-01-24 08:14:24 +03:00 · 2011-01-17 09:28:25 +00:00 · 2011-01-17 09:28:25 +00:00 · 0fcca671bd
commit 0fcca671bd
parent a835f233ac
2 changed files with 5 additions and 2 deletions
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -182,5 +182,8 @@ ERROR_PARSING_REGEXES = (

 META_CHARSET_REGEX  = r'<meta http-equiv="?content-type"?[^>]+charset=(?P<result>[^">]+)'

+# Reference: http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf
+COMMON_PASSWORD_SUFFIXES = ["1", "123", "2", "12", "3", "13", "7", "11", "5", "22", "23", "01", "4", "07", "21", "14", "10", "06", "08", "8", "15", "69", "16", "6", "18"]
+
 # Reference: http://www.the-interweb.com/serendipity/index.php?/archives/94-A-brief-analysis-of-40,000-leaked-MySpace-passwords.html
-COMMON_PASSWORD_SUFFIXES = ["", "1", "2", "123", "12", "3", "7", "07", "11", "4", "5", "!", ".", "*", "!!", "?", ";", "..", "!!!", ",", "@"]
+COMMON_PASSWORD_SUFFIXES += ["!", ".", "*", "!!", "?", ";", "..", "!!!", ",", "@"]
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@ -342,7 +342,7 @@ def dictionaryAttack(attack_dict):

        suffix_list = [""]
        if test[0] in ("y", "Y"):
-            suffix_list = COMMON_PASSWORD_SUFFIXES
+            suffix_list += COMMON_PASSWORD_SUFFIXES

        infoMsg = "starting dictionary attack (%s)" % __functions__[hash_regex].func_name
        logger.info(infoMsg)