On 2020-03-22 20:44, Rob McEwen via mailop wrote:
On 3/22/2020 4:41 PM, Chris via mailop wrote:
It's been my experience that MOST of them are going to be red-herrings
+1
2 days ago, I got one of these for a domain for which I host email. I
checked the SHA-1 hash against the current password's SHA-1 hash, and it
didn't match. So it seemed like a complete waste of my time. I suspect
that the vast majority of such intercepts... are going to be situations
just like that - old passwords that were already changed years ago. I
vaguely recall this users' account getting hacked several years ago, and
the problem being fixed way back then. I don't like my time wasted
trying to fix already-fixed problems.
Frankly, I think the most likely case is that it was never a valid password.
I once administered a very large domain where *I* managed the password
database and implemented the pw quality checker.
Most of passwords I saw wouldn't possibly have passed the quality checker.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop