Every time I receive a PDF from a bank/insurance/whatever that says "we protected it by passwording it with you lastname + dob" I sigh. But I've never checked to see how easy / time consuming it is.

I tested with hashcat + list of surnames(github) + pdf I just received: 47s

@xssfox so…. pretty much faster to crack the password than to type it in 🤦🏻‍♂️

(I’m sure this comes from the same thinking that gave us 30 or 90 day password rotation.)

@ewenmcneill I think I was pretty lucky though as I the estimate I saw when it started was 7 minutes. I looked away and it was done so I didn't get a chance to check once it was running at speed :P

Sign in to participate in the conversation
Cloud Island

A paid, early access, strongly moderated Mastodon instance hosted entirely in Aotearoa New Zealand.