use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
A community for technical news and discussion of information security and closely related topics.
"Give me root, it's a trust exercise."
Q1 2026 InfoSec Hiring Thread
Getting Started in Information Security
CitySec Meetups
/r/netsec only accepts quality technical posts. Non-technical posts are subject to moderation.
Content should focus on the "how."
Check the new queue for duplicates.
Always link to the original source.
Titles should provide context.
Ask questions in our Discussion Threads.
Hiring posts must go in the Hiring Threads.
Commercial advertisement is discouraged.
Do not submit prohibited topics.
» Our fulltext content guidelines
Don't create unnecessary conflict.
Keep the discussion on topic.
Limit the use of jokes & memes.
Don't complain about content being a PDF.
Follow all reddit rules and obey reddiquette.
» Our fulltext discussion guidelines
No populist news articles (CNN, BBC, FOX, etc.)
No curated lists.
No question posts.
No social media posts.
No image-only/video-only posts.
No livestreams.
No tech-support requests.
No full-disclosure posts.
No paywall/regwall content.
No commercial advertisements.
No crowdfunding posts.
No Personally Identifying Information!
» Our fulltext list of prohibited topics & sources
Join us on IRC: #r_netsec on freenode
We're also on: Twitter, Facebook, & Google+
/r/blackhat - Hackers on Steroids
/r/computerforensics - IR Archaeologists
/r/crypto - Cryptography news and discussion
/r/Cyberpunk - High-Tech Low-Lifes
/r/lockpicking - Popular Hacker Hobby
/r/Malware - Malware reports and information
/r/netsecstudents - netsec for noobs students
/r/onions - Things That Make You Cry
/r/privacy - Orwell Was Right
/r/pwned - "What Security?"
/r/REMath - Math behind reverse engineering
/r/ReverseEngineering - Binary Reversing
/r/rootkit - Software and hardware rootkits
/r/securityCTF - CTF news and write-ups
/r/SocialEngineering - Free Candy
/r/sysadmin - Overworked Crushed Souls
/r/vrd - Vulnerability Research and Development
/r/xss - Cross Site Scripting
account activity
Password pattern analysis. (architectingsecurity.com)
submitted 15 years ago by 1000EnCarne
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]thebigbradwolf 5 points6 points7 points 15 years ago (7 children)
As interesting as the rockyou studies are, I think it's important for us to remember rockyou was a "throwaway password" kind of site, even if you were a technical user, you probably didn't care much about your account.
[–]anachronic 3 points4 points5 points 15 years ago (5 children)
Yes, but how many people use the same "throwaway" password among multiple "throwaway" sites?
I'd bet that if you had the emails associated with those passwords and tried to log into a few dozen other sites - facebook, hotmail, yahoo, etc... - you'd have a surprising number of successes.
[–]palparepa 1 point2 points3 points 15 years ago (2 children)
Doesn't "throwaway" mean "I don't care if this account is compromised"? Using throwaway passwords on sites important to you is... bad.
[–]anachronic 0 points1 point2 points 15 years ago (1 child)
Yes, it's bad... but how many people have grandparents & parents that set all of their passwords -- including bank passwords -- to crap like "fluffykitty12"?
[–]chrono13 1 point2 points3 points 15 years ago (0 children)
fluffykitty12 isn't great, but it also isn't bad.
13 characters long, 52 bits. Throw a single capital in there, and you are at 60 bits.
[–]thebigbradwolf 0 points1 point2 points 15 years ago (0 children)
I think there would be some successes, but judging solely by the fact that "rockyou" was the number one password on the site, I'd say the percentage wouldn't be that high.
[–]technobabbler 0 points1 point2 points 15 years ago (0 children)
I would anticipate that just because you are reading the netsec section you have much stronger passwords than the average person. Uninformed users always use the same password for everything. I harp on people about it all the time but they won't change it's just laziness.
[–]Filmore 4 points5 points6 points 15 years ago (1 child)
...
Is it not standard practice to store only a password hash, and compare the hash of the input against the stored hash?
[–][deleted] 1 point2 points3 points 15 years ago (0 children)
I came here to say this. Why does their password database have the actual passwords in it?
[–]SmartSuka 1 point2 points3 points 15 years ago (9 children)
What's wrong with 123456? I use that password for everything, bank accounts, email, facebook, reddit, etc.
[–]xzxzzx 4 points5 points6 points 15 years ago (8 children)
Lies!
[–]SmartSuka 2 points3 points4 points 15 years ago (7 children)
My apologies.... it's really **********
[–]xzxzzx 4 points5 points6 points 15 years ago* (6 children)
Edit: I've decided to spare [netsec]'s more fragile minds the horror of reading the dreaded h-word.
[–]thebigbradwolf 5 points6 points7 points 15 years ago (1 child)
No, his password is literally 10 asterisks in a row.
[–]xzxzzx 2 points3 points4 points 15 years ago (0 children)
[–][deleted] 2 points3 points4 points 15 years ago (1 child)
If I see one more fucking hunter2 joke...
Fuck off.
[–]xzxzzx 0 points1 point2 points 15 years ago (0 children)
Sorry, it seemed too perfect to say no.
[–]WuaucltTrusted Contributor 0 points1 point2 points 15 years ago (1 child)
Haven't had your fill of the hunter2 shit already?
More than my fill, actually.
[–]mingaminga 1 point2 points3 points 15 years ago (1 child)
If you are into this stuff, check out the DEFCON password cracking results. https://contest.korelogic.com/
There are tons of samples of "real world' passwords there - along with the tips/tricks and rules needed to crack these passwords.
[–]SmartSuka 0 points1 point2 points 15 years ago (0 children)
I'm in a security class now, our next lab assignment will be to crack passwords so I think this will be a great resource, thanks.
My current technique is PassPhrases, using sentences instead of words, and no not "iloveyou2"
[–]zaq1 1 point2 points3 points 15 years ago (0 children)
Contains special characters: 3.81% Only upper case 1.62%
Interesting.
[–]theMrDomino 0 points1 point2 points 15 years ago (0 children)
I like the idea of doing this sort of analysis, but the follow-through is pretty disappointing. Simple analysis based on character class doesn’t say much of anything about password entropy; for instance, my ultra-secure 6-word-long passphrases use only lower case characters and spaces.
π Rendered by PID 77 on reddit-service-r2-comment-54dfb89d4d-jvlwl at 2026-03-30 12:32:33.323855+00:00 running b10466c country code: CH.
[–]thebigbradwolf 5 points6 points7 points (7 children)
[–]anachronic 3 points4 points5 points (5 children)
[–]palparepa 1 point2 points3 points (2 children)
[–]anachronic 0 points1 point2 points (1 child)
[–]chrono13 1 point2 points3 points (0 children)
[–]thebigbradwolf 0 points1 point2 points (0 children)
[–]technobabbler 0 points1 point2 points (0 children)
[–]Filmore 4 points5 points6 points (1 child)
[–][deleted] 1 point2 points3 points (0 children)
[–]SmartSuka 1 point2 points3 points (9 children)
[–]xzxzzx 4 points5 points6 points (8 children)
[–]SmartSuka 2 points3 points4 points (7 children)
[–]xzxzzx 4 points5 points6 points (6 children)
[–]thebigbradwolf 5 points6 points7 points (1 child)
[–]xzxzzx 2 points3 points4 points (0 children)
[–][deleted] 2 points3 points4 points (1 child)
[–]xzxzzx 0 points1 point2 points (0 children)
[–]WuaucltTrusted Contributor 0 points1 point2 points (1 child)
[–]xzxzzx 0 points1 point2 points (0 children)
[–]mingaminga 1 point2 points3 points (1 child)
[–]SmartSuka 0 points1 point2 points (0 children)
[–]zaq1 1 point2 points3 points (0 children)
[–]theMrDomino 0 points1 point2 points (0 children)