You Have Not Been Pwned
June 9, 2021 10:36 AM   Subscribe

Various outlets are currently shouting about RockYou2021, a 'jaw-dropping' leak that allegedly contains 8.2 billion passwords. Troy Hunt of HaveIBeenPwned.com calmly explains what RockYou2021 actually is, and why we should not panic this time.
posted by Cardinal Fang (18 comments total) 9 users marked this as a favorite
 
tl;dr: there's no usernames attached to the passwords.

Since any place that isn't incompetent both salts and hashes their passwords along with using a few thousand rounds of PBKDF2 on the password it won't do a damn thing for the most part.
posted by Your Childhood Pet Rock at 11:03 AM on June 9 [3 favorites]


A bit more TLDR: a lot of it's apparently just regular words: (Among other things, it contains “every word in the Wikipedia databases” and words from the Project Gutenberg free ebook collection from the calmly-irritated tweet thread from Troy Hunt)

By that measure, metafilter itself is a massive password file!
posted by Drastic at 11:06 AM on June 9 [3 favorites]


(The 'jaw-dropping' first link also makes my NoScript plugin start yelling "whoa up there with the cross-site scripting, expressdotco!" and god help anyone visiting it without an adblocker and devil take the hindmost; it's bad enough with one!)
posted by Drastic at 11:11 AM on June 9 [2 favorites]


This is totally the kind of thing me and my friends would think to do when we were 14 year old "phone phreaks" to get our group's name out.
posted by gwint at 11:30 AM on June 9 [6 favorites]


Thank goodness they didn't list the nine billion names of God, which is why, without any fuss, the stars were not going out.
posted by sonascope at 11:43 AM on June 9 [34 favorites]


I just looked at the sky at my place and I can't see any stars, fwiw
posted by flabdablet at 1:06 PM on June 9 [9 favorites]


Hasgodbeenpwned dot com
posted by mhoye at 2:06 PM on June 9 [6 favorites]


This is a list of words? Or strings of characters? If i started typing and made sure i never duplicated, i could produce the same thing? And this is bad? Honestly, i don’t understand.
posted by double bubble at 3:10 PM on June 9 [2 favorites]


Every word? Well then, my greatest contrafibularities! Anaspetic? Prasmotic? [source]
posted by chavenet at 4:26 PM on June 9 [4 favorites]




Good thing my passwords are usually 8.2 billion words long.

The bad thing is I usually wear out a few keyboards if I ever get logged out of something.

The really clever part of this is that I get lots of billable hours just signing in to check my work email since it forces logouts on a daily basis.
posted by loquacious at 6:48 PM on June 9 [2 favorites]


This is totally the kind of thing me and my friends would think to do when we were 14 year old "phone phreaks" to get our group's name out.

Wait, get your name out to *whom*? Script kiddy noobs that couldn't recognize a rainbow table if it bifurcated inside their ass and deposited the entire text of the OED?

(I kid, I kid. I would have done that, too.)
posted by loquacious at 6:55 PM on June 9 [1 favorite]


Every word?

I hope you're not engaging in floccinaucinihilipilification.
posted by HiroProtagonist at 8:58 PM on June 9 [1 favorite]


This is a list of words? Or strings of characters?
Yes.
If i started typing and made sure i never duplicated, i could produce the same thing?
Yes.
And this is bad?
No, but some people want you to believe it is, for clickbait.
Honestly, i don’t understand.
No, your first instinct was right, you're good.
posted by Merus at 9:04 PM on June 9 [3 favorites]


Floccinaucinihilipilification schmoccinaucinihilipilification.
posted by flabdablet at 9:45 PM on June 9 [3 favorites]


Aaaaagh! Flabdablet guessed my password!
posted by dutchrick at 3:07 AM on June 10 [1 favorite]


It's OK. For everybody except you it just shows as *******************************.
posted by flabdablet at 4:48 AM on June 10 [5 favorites]


Damn, and I had become so attached to drowssap.
posted by BigHeartedGuy at 8:55 AM on June 10


« Older Some women just know they want an abortion   |   Now Hear This Newer »


You are not currently logged in. Log in or create a new account to post comments.