Scribd
Upload
129 views4 pages

Starter Discussion Questions?: What Are The 10 Most Commonly Used Passwords?

The document discusses weak passwords and includes a table with user IDs, names, usernames, and hashed passwords. Some users likely have weak passwords based on usernames matching passwords or passwords being among the most common. Hashes alone don't reveal the original password but some matches known weak password hashes. The discussion suggests generating hashes of simple PIN codes to identify original PIN passwords.

Uploaded by

Timothy Imiere
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
129 views4 pages

Starter Discussion Questions?: What Are The 10 Most Commonly Used Passwords?

The document discusses weak passwords and includes a table with user IDs, names, usernames, and hashed passwords. Some users likely have weak passwords based on usernames matching passwords or passwords being among the most common. Hashes alone don't reveal the original password but some matches known weak password hashes. The discussion suggests generating hashes of simple PIN codes to identify original PIN passwords.

Uploaded by

Timothy Imiere
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

Starter discussion questions?

What are the 10 most commonly used passwords?

• 123456
• 123456789
• qwerty
• password
• 1234567
• 12345678
• 12345
• iloveyou
• 111111
• 123123
What is a hashing algorithm?
A hashing algorithm is a cryptographic hash function (a mathematical algorithm) that encrypts whatever
data is inputted.

Scenario:
A network administrator has access to a database of user details for their own website. Passwords are
not stored in plaintext but a hash of each users’ password is stored.
The admin suspects some of the users have weak passwords that are compromising the security of the
network.
Your job is to discover which users have weak passwords so that the admin can force them to reset their
passwords before their accounts are hacked.
ID firstname surname username hash
1 Anthony Johnson ajohnson0 F075E48000CE019587C1953BB925DCCD
2 Karen Fisher kfisher1 E10ADC3949BA59ABBE56E057F20F883E
3 Carlos Williamson cwilliamson2 B0F1296F3E4457FB6EBA127F3B5CCA73
4 Jeffrey Howell jhowell3 715368C1933E8DD6B8DCB7C6B3D2DBD7
5 Mildred Torres mtorres4 5F4DCC3B5AA765D61D8327DEB882CF99
6 Marilyn Butler mbutler5 5AD65DDD958F193CC576D8CA6A017BBC
7 Samuel Lawrence slawrence6 841981280AF265485B929571466D82F9
8 Keith Wells kwells7 35C62F282F9E85AB3E6D7382B3FC72D3
9 Gregory Nguyen gnguyen8 E75029090B49A3712BFFBC49A623713E
10 Diana Gardner dgardner9 D8578EDF8458CE06FBC5BB76A58C5CA4

Research and discussion Question


Which users have weak passwords?

Karen Fisher with 123456


Mildred Torres with password
Keith Wells with kwells7 (same as username)
Diana Gardner with qwerty

Can you tell from the hash alone? Hint – 3 hashes below are the result of using the MD5 hash function
on one of the top 5 passwords used in 2017

Notes:

Create a MD5 generator tool in python:


You can generate hashes in python with the hashlib module
You can find and run a copy of this code here: https://create.withcode.uk/python/Qj

Extension ideas:
• Ask the user to input a salt as well as a password to your MD5 hash for additional security
(HINT – a salt is random data that is used as an additional input to a one-way function that
"hashes" data, a password or passphrase)

• Generate a SHA256 hash as well as a MD5

• Generate a SHA512 hash as well as MD5

• Write a program that will load a file and generate a MD5 digest of its contents

• Each of the following hashes are generated from a password that is a 4 digit numerical pin code.
Write a program that will discover the password for any of the hashes below:

ID firstname surname username hash


1 Ernest Reed ereedk B8002139CDDE66B87638F7F91D169D96
2 Peter Wells pwellsl 7EA25C95B0792CA4CE01EA18BBDA2D44
3 Edward Martin emartinm D39934CE111A864ABF40391F3DA9CDF5
4 Martin Weaver mweavern 024D2D699E6C1A82C9BA986386F4D824
5 Jean Hunter jhuntero D77C703536718B95308130FF2E5CF9EE
6 Catherine Garza cgarzap 67606D48E361CE176CA71FD54FCF4286
7 Jacqueline Welch jwelchq B29EED44276144E4E8103A661F9A78B7
8 Joseph Ramos jramosr 109D2DD3608F669CA17920C511C2A41E
9 Judy Perry jperrys 64D52E08CC03E6090BC1EF30B73CCB85
10 Antonio Sanchez asanchezt E643B33B3019892367371B27BC0E63C2

Note: all user details in this example are randomly generated.

You might also like