So there’s this software company over in China that recently had around 6 million email address/passwords leaked to the internet.

Here is a list of the top most common passwords in that list, ranked in order of appearance.

If you use any passwords similar, or the exact same, as the passwords on this list – fix it!

These passwords all have things in common – easily guessable, repeating patterns, simple phrases.

Having used software built to use both brute force based & dictionary based password attacks I can give this piece of advice:

15-25 characters long, at least one capital, at least one lower case, at least one number, at least one special character, no patterns, no real world words.

A good example of a strong password is Zingerpop.48$##$

Let me take a moment to break down why that is a strong password. If I were using a dictionary based attack on this password I would get nowhere. If I were using a brute force attack, I would have to use the lowercase character set (26), the upper case character set (26), the numeric character set (10), and the special character set (32). 26+26+10+32=94. For every “letter” in that password you can have 94 different characters. Compared to a simple password like apple it is much more secure.

Let's compare:

apple – Using a dictionary attack this password would be cracked in probably under 30 minutes. Using a brute force attack… let's see: 5 chars long. charsets: alpha-lower (26 letters in the alphabet). 26^5 = 26*26*26*26*26 = 11,881,376 iterations. Password cracker working at let's say 1500 attempts per minute (basic multi session brute force attempts on say a generic email account from some punk turd’s computer in his momma's basement) = 5.5 days till cracked by brute force, not good. If the password was used for a locally encrypted file, the attack could be executed much much faster and crack it within a few seconds.

Zingerpop.48$##$ – Using a dictionary attack this password would never, ever be cracked. It’s just simply too random & complex. Using a brute force attack… let's see: 16 chars long. charsets: alpha-lower (26), alpha-upper (26), alpha-numeric (10), alpha-special (32) = 94. 94^16 = 94*94*94*94*94*94*94*94*94*94*94*94*94*94*94*94 = 3.71574290834 × 10^31 iteration attempts. At 1500 attempts per minute it would take 4.71301738755 × 10^22 years. That's 47,130,173,875,500,000,000,000 years… 47 sextillion years. That’s a really, really long time.

So, by simply adding a few upper case letters, numbers, special characters & using a proper password length, you can increase the time it takes to crack your password from a week to more time than we have left in the expected lifespan of our galaxy, the Milky Way.
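The arithmetic above and the "no patterns" rule can be turned into a small password check. This is an added example, not code from the original post: the keyboard-run list and the function names are assumptions chosen for illustration, and it covers only exhaustive brute force and simple patterns, not the "no real world words" rule.

```python
import string

# The four character classes from the post: 26 + 26 + 10 + 32 = 94
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
MINUTES_PER_YEAR = 60 * 24 * 365
# Assumed keyboard rows/columns, used to spot "walks" such as 1qaz2wsx
KEY_RUNS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
            "1qaz", "2wsx", "3edc", "4rfv"]


def charset_size(pw):
    """Size of the smallest brute-force alphabet that covers pw."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))


def brute_force_years(pw, attempts_per_minute=1500):
    """Years to try every candidate of this length at the post's rate."""
    return charset_size(pw) ** len(pw) / attempts_per_minute / MINUTES_PER_YEAR


def repeats_unit(pw):
    """True for strings built by repeating a shorter unit (123123123)."""
    return any(pw == pw[:k] * (len(pw) // k)
               for k in range(1, len(pw) // 2 + 1) if len(pw) % k == 0)


def has_key_run(pw, width=4):
    """True if pw has `width` adjacent keys from KEY_RUNS, in either direction."""
    grams = {seq[i:i + width] for run in KEY_RUNS for seq in (run, run[::-1])
             for i in range(len(seq) - width + 1)}
    return any(g in pw.lower() for g in grams)


def audit(pw):
    """Reasons pw fails the post's rules; an empty list means it passes."""
    checks = [("length", not 15 <= len(pw) <= 25),
              ("charset", charset_size(pw) < 94),
              ("repeat", repeats_unit(pw)),
              ("keyboard", has_key_run(pw))]
    return [name for name, failed in checks if failed]


# Three entries from the leaked list plus the post's two example passwords
for pw in ["123123123", "1qaz2wsx", "987654321", "apple", "Zingerpop.48$##$"]:
    print(f"{pw!r:20} {audit(pw)} {brute_force_years(pw):.3g} years")
```

The year figure is an upper bound for blind brute force only; the pattern checks are what explain why the listed passwords fall long before that bound is reached.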

So, on to the most common passwords list!

(‘123456789’, 235039)
(‘12345678’, 212761)
(‘11111111’, 76348)
(‘dearbook’, 46053)
(‘00000000’, 34953)
(‘123123123’, 20010)
(‘1234567890’, 17794)
(‘88888888’, 15033)
(‘111111111’, 6995)
(‘147258369’, 5966)
(‘987654321’, 5555)
(‘aaaaaaaa’, 5460)
(‘1111111111’, 5145)
(‘66666666’, 5026)
(‘a123456789’, 4435)
(‘11223344’, 4096)
(‘1qaz2wsx’, 3672)
(‘xiazhili’, 3649)
(‘789456123’, 3610)
(‘password’, 3503)
(‘87654321’, 3282)
(‘qqqqqqqq’, 3277)
(‘000000000’, 3176)
(‘qwertyuiop’, 3143)
(‘qq123456’, 3094)
(‘iloveyou’, 3085)
(‘31415926’, 3063)
(‘12344321’, 2985)
(‘0000000000’, 2886)
(‘asdfghjkl’, 2826)
(‘1q2w3e4r’, 2797)
(‘123456abc’, 2581)
(‘0123456789’, 2578)
(‘123654789’, 2573)
(‘12121212’, 2540)
(‘qazwsxedc’, 2516)
(‘abcd1234’, 2397)
(‘12341234’, 2381)
(‘110110110’, 2348)
(‘asdasdasd’, 2298)
(‘22222222’, 2243)
(‘123456’, 2180)
(‘123321123’, 2166)
(‘abc123456’, 2160)
(‘a12345678’, 2138)
(‘123456123’, 2113)
(‘a1234567’, 2108)
(‘1234qwer’, 2100)
(‘qwertyui’, 1989)
(‘123456789a’, 1987)
(‘aa123456’, 1971)
(‘asdfasdf’, 1920)
(‘99999999’, 1891)
(‘999999999’, 1859)
(‘123456aa’, 1859)
(‘123456123456’, 1854)
(‘520520520’, 1699)
(‘963852741’, 1656)
(‘741852963’, 1652)
(‘55555555’, 1652)
(‘33333333’, 1589)
(‘qwer1234’, 1481)

Injury Log Update

In addition to the whole hand impalement thing, my neck is acting up again. A couple months ago I went to the ER with horrible neck pain, they said I had a “muscle spazm”. While I tried to tell the ER folks that I could hear the joints in my neck making noise & that it has to be more than just some sore muscle they disregarded it, gave me some muscle relaxers & sent me home.

Fast forward to this last weekend, had a camp out with the guys, slept with a good pillow, but probably should have used two. Woke up with mild neck pain & by Sunday night I couldn’t even roll myself out of bed to go to the bathroom. Went to my normal doctor (Dr. Christopher Hayes great guy) and he immediately recommended an MRI after seeing the pain I was in & hearing the snap crackle pop of my neck while listening to my deep breaths with a stethoscope.

Now it's Thursday, been in horrible pain for 5 days, still in a neck brace. Every time I make a slight movement at night it shocks me awake. Exhausted & tired of hurting. MRI is scheduled for 12:30 this afternoon. Will update later with results.

MRI results: disc protrusion (bulging disc) between C5 & C6 (see example picture below) on the INSIDE of the spinal column so that it’s putting pressure on the left side of my spinal cord & pedicle nerve off-shoots from the main spinal cord. That explains the numb/tingly left arm & shaky left leg thing. Treatment is to continue taking anti-inflammatory, muscle relaxer & steroid pack till pain goes away, then to take it nice & easy as to not damage it again to where it bulges out real bad again. For the long term if it continues to be a problem and doesn’t completely go away there is some other steroidal treatment that will be done with a specialist.

I’ll try to get copies of the MRI scans & put em up.

(not my neck, just an example. bulging disc is between C5 & C6)