It didn’t take long because everyone had a password that was in the dictionary.
Needless to say, people were not happy with the messenger.
So I threw the OpenMP variant of John the Ripper at it (I'd just built a 8C/16T Ryzen machine and was curious) it broke ~80% of the passwords in under an hour and all of them over an afternoon of not been in use.
Went to see the boss and gave him the list of passwords including his (which was one of the weaker ones) - he gave me the time to fix it and some other glaring security issues.
The more things change the more they stay the same.
I know enough about security to know that I really don't know about security.
A coworker and I stumbled into this one morning when I was helping him figure out how to remotely invoke a linux command from a windows gui. I don't recall why we were using rsh as we'd normally ssh into our servers. As we sat there trying to figure out how to enter the password, we decided to just try and run the command w/o a password. We were shocked when it just worked - we were never prompted for a password. When I reported this to my director, he asked me how bad it was. I was like, watch this: I sent an email as the CEO to him saying "you're fired.". He immediately went to our infrastructure team to get it fixed. Fun times...
I'm not sure anyone ever gets past this point. There's way too much for any person to know and not enough hours in a day or days in a year or years in a lifetime to master everything. Even when it comes to computers in general at some level it just becomes magic to me. I might be able to point to a chip and say "that's the sound chip" or "that's a math co-processor", and even write software for it, but I have no idea what goes on inside and I wouldn't know where to even start trying to build one from scratch.
It was actually decently well received by the department head; he sent out a memo to the staff to not use their wives names for emails and looked like an early computer security innovator in the physics department.
In hindsight some teacher must have spoken up for me to come up with the solution when they were trying to come up with an appropriate response.
I had to go apologise to IT (who could barely keep a straight face) at college for sending a message from 'God' saying "I saw what you did last night and it disgusted me".
I thought it was going to just the lab but since I was poking around in something I really didn't understand I manage to send it out site wide.
Fortunately they saw the funny side.
Around the same time, someone at my school made a much, much worse semi-accidental prank. Semi-accidental because he didn't think it would work. See, the campus list serve was setup to only allow certain senders to send messages. Makes sense, only a few top administrators should be able to do that. This person theorized that a simple <smtp: from> hack, using an authorized person's email, might circumvent the restriction. He was right! Unfortunately, rather than "test 1 2 3" or something, he sent a message, from the president, that all classes had been cancelled. Had he stopped there, maybe it would have been chalked up to a prank. But he went further: The president would be using this free time to, um, entertain amorous visitors at their leisure. So, yeah, expelled. His excuse, when interviewed by the student newspaper, was "I didn't think it would work."
I've been able to do it at every university I've studied or worked at.
I'm actually not sure anymore what the details of their return email was, as it was over 25 years ago. But it was basically, "We will report you to law enforcement if you contact us again."
"No one will ever guess this!"
Actually that was the first time that i heard the word Linux and learned the meaning just few years later.