links for 2006-06-01

This entry was posted in Uncategorized. Bookmark the permalink. Both comments and trackbacks are currently closed.


  1. David Malone
    Posted June 2, 2006 at 07:47 | Permalink

    What caused you to be slashdotted?

    I’ve always wanted to do some stats on the distribution of passwords people choose. In particular, unless the distribution of passwords is perfectly even, then the guessability of a password has (almost) nothing to do with Shannon Entropy, despite what a lot of people think. It would be interesting to see how different those things are for a real collection of passwords.

  2. Posted June 2, 2006 at 11:25 | Permalink

    His post about nofollow David, two down.

    I thought WP already had a caching system. Just not very good I suppose.

  3. Posted June 2, 2006 at 11:41 | Permalink

    yeah — it was hitting the database multiple times per post — not good at all! WP-Cache basically “freezes” the page as static HTML, I think.

    David, I wonder if it’d be possible to get that German site’s pwd list? probably not I suppose.

  4. David Malone
    Posted June 2, 2006 at 21:38 | Permalink

    I found the list of usernames and passwords on the Full Disclosure list. Looks like an interesting data set. If you believe Shannon Entropy, you think you’ll have to make 9092 guesses (if you know the password distribution). The actual mean number of guesses is more like 10969 (it is known the Shannon Entropy is an underestimate for the number of guesses needed).