
Cracking My Own Reddit Password - chjohasbrouck
http://haseebq.com/the-time-i-had-to-crack-my-own-reddit-password/
======
jedberg
Clickbait title much? This basically has nothing at all to do with reddit. You
could replace the word reddit with Facebook in this article and it would be
exactly the same.

That being said, it was pretty clever to take advantage of an enumeration
attack on another service that wasn't protecting against enumeration attacks
on the feature because frankly, why would they?

~~~
wand3r
> click bait title

No. I went in expecting it to be about a guy who lost his own password to
Reddit and had to crack it.

Spoiler: That's what the article was about.

~~~
jedberg
Your expectations were low then. I expected an article about a guy who lost
his reddit password and _used the features of the reddit website_ to crack it.

This article, while interesting, is really just about general password
cracking.

~~~
wand3r
I didn't expect it to be a great article; it was ok, just a pretty reasonable
title. On a scale from 1-HuffPo it was a 4 for clickbait.

------
Retr0spectrum
This sort of challenge comes up in CTFs quite often. Here's a writeup of one
from PicoCTF 2017 (not mine):
[https://github.com/Caesurus/PicoCTF2017/tree/master/l3_noeyes](https://github.com/Caesurus/PicoCTF2017/tree/master/l3_noeyes)

------
stu-harvey
Working link:
[https://medium.freecodecamp.com/the-time-i-had-to-crack-my-own-reddit-password-a6077c0a13b4](https://medium.freecodecamp.com/the-time-i-had-to-crack-my-own-reddit-password-a6077c0a13b4)

------
hiisukun
Perhaps because I'm new to this stuff, I enjoyed the writeup. I wonder if I'm
out of place expecting a single run through of a-z 0-9 to determine the range
of chars present in the password?

It turns out (due to repeated chars) to only have 14 unique chars. This single
run through would have reduced the alphabet size (A, in the article) from 36
to 14. The 432 iterations becomes 168.

I'm sure there are other optimisations I'm missing!

------
rocqua
It seems like an interesting complication here comes from the subject line. I
idly wonder how to handle the case where the subject line had been much larger
and had much overlap with the password.

------
kordless
Considering how much effort this took, I'm wondering if learning to be more
patient might also be an option?

------
snek
mfw already posted like two weeks ago

~~~
ColinWright
You're too optimistic:

[https://news.ycombinator.com/item?id=14108223](https://news.ycombinator.com/item?id=14108223)
(17 days)

[https://news.ycombinator.com/item?id=14076918](https://news.ycombinator.com/item?id=14076918)
(20 days)

[https://news.ycombinator.com/item?id=14071188](https://news.ycombinator.com/item?id=14071188)
(21 days)

[https://news.ycombinator.com/item?id=14054289](https://news.ycombinator.com/item?id=14054289)
(23 days)

[https://news.ycombinator.com/item?id=14051671](https://news.ycombinator.com/item?id=14051671)
(24 days)

None have any comments, very few upvotes, so maybe it's worth another chance.
Personally, I found it unreadable. I'm sure others will find it fascinating
and be able to get past the IN YOUR FACE style and flashing graphics.

Oh, and FWIW, I didn't downvote you.

------
m0atz
This literally is fucking awesome.

