Password Cracking Is Easy, Here's How to Do It


Cracking a majority of passwords can be easier than you think. By the time you’re done with this article, you’ll know how it’s done, and will probably have all the knowledge and tools you need to crack passwords yourself (I’m not saying this as a way to encourage you to try, but rather as a warning to highlight the importance of using a strong password because of just how simple it can be to crack an easy one).


A computer that can crack an 8-character password in 4.2 hours would need 5.7 trillion years to crack a 16-character one.


When it comes to preserving your privacy and identity on the Internet, passwords are the most common form of protection. They are so common that most of us take their importance for granted. Every website we visit, every service we sign up for, requires a password as a form of identity verification.

But few people take passwords seriously; as a result, many of the Internet’s passwords are 8 characters and hashed with MD5 (if you don’t know what that means, don’t worry, I’ll go into detail about it in this article), which can be cracked by someone who wants to spend $50 on some hardware. With such a threat to your current or future self, it’s time to take password creation more seriously.


Brute Forcing Passwords

Brute-forcing, put simply, is a method of password cracking in which the attacker tries as many different password combinations as possible, based on a set of parameters. For example, a parameter could be set by a website where the password must be between 8–16 characters. In the simplest model, the password cracker may begin by trying 00000000. Then it may try 00000001, 00000010, 00000100, and so on until it has tried every possible combination of allowable characters.

That’s a lot of combinations of characters. The graph below illustrates the most common password lengths based on an analysis of over 320 million passwords.

[Figure: most common password lengths. Source: Statista, from an analysis of 320 million hashed passwords.]

The most favored length is 8: _ _ _ _ _ _ _ _. Each field can be:

  1. a lowercase letter (26 possibilities)
  2. an uppercase letter (26 possibilities)
  3. a number (10 possibilities, 0 through 9)
  4. a punctuation mark or other special character (33 possibilities)

This great answer on Stack Overflow breaks down all the math behind calculating the final number, which represents the total possibilities that the 8-character password can be: 3,025,989,069,143,040 or approximately 3 quadrillion, and each one is a separate attempt.


Brute forcing an 8-character password in the most basic way may require 3 quadrillion attempts.


How Brute Forcing Works

You might be imagining in your head: someone wrote a program that goes to a website you frequent, types in your username, types in a password attempt, and hits the login button. Then it does this 3 quadrillion more times.

No, that’s not how it works. Assuming that a website takes 2 seconds to load a page, then that’s 2 seconds of wait time to get a “password incorrect” page for each try. In other words, it would take up to 9 quadrillion seconds, or 287.9 million years — assuming that the website doesn’t lock the username after a certain number of suspicious attempts.

In reality, what happens is that your username and your password are exposed in a data breach (which happens more often than you think). The password can be exposed in two ways:

  1. In a very insecure scenario, your password is not hashed, and it is stored in plaintext. No reader would need to do anything but copy and paste your password. For example, if your password is password1 then it would show up as password1 for anyone viewing the contents of the data breach. Brute forcing isn’t needed in this scenario because the website already handed over your information on a silver platter.


  2. In a more secure scenario, your password is hashed, and is not stored in plaintext. For example, if your password is password1, it would show up as 0b14d501a594442a01c6859541bcb3e8164d183d32937b851835442f69d5c94e if the website hashed your password using a SHA-256 hash function.


If you don’t know what hashing is, I go into it in more detail in the section below. If you’re familiar with it, you can skip ahead to the section How Brute Forcing Works (Continued), which picks up where this section left off.

A Briefer on Hashing

Here’s what hashing is on a basic level: it’s a process where you take any combination and length of characters (numbers, letters, special characters) and it gets transformed into a unique, unintelligible pattern of a specified number of characters and numbers. You can try a SHA-256 hash generator on this website. Try a few things:


  • Type in the same word in all lowercase and all uppercase. You’ll notice that the hash is different. That’s because hashes are case-sensitive.
  • Type in a bunch of random characters as quickly as possible. You’ll see that the hash is updated in virtually real-time (indistinguishable to the human eye). That’s because an effective hash function must be fast; it’s something that should happen in the background and not affect what people are doing.
  • Type in a word (remember, it’s case sensitive), delete it, and then type it in again. You’ll notice that the hash is the same both times. That’s because the hash is unique to your word, and each hash is unique to each combination of characters. No two character combinations will have the same hash.
  • Type in a word, copy the resulting hash, and paste that hash into the word box. You’ll see that a new hash is generated. That’s because you can’t “unhash” a hash. It’s a one-way road, so someone with a hash will not be able to figure out the original content except through guessing.
  • The link you clicked on has the hashing algorithm set to SHA-256. Click on MD5 (under the Hash section on the right side of the website) and type in the same word. You’ll notice that the MD5 hash result is shorter than the SHA-256 hash result. That’s because SHA-256 has 256 bits, while MD5 has 128 bits.

Different hashing algorithms can be applied for different use cases. For example, hashing with MD5 is faster than hashing with SHA-256, but SHA-256 is more secure. Even SHA-256 may not be secure enough, and you may have to choose another hash function. Eventually, the most secure one will not be secure, either. That’s because with faster CPUs and GPUs (or ASICs, or even quantum computers in the future), the hash becomes easier to crack.


The speed at which a password can be cracked is also impacted by the difficulty of the algorithm. Therefore, a password hashed under SHA-256 may be safer than a password hashed under MD5.
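
One way a site can raise the per-guess cost discussed above, as an added example that is not from the original article: a salted, iterated PBKDF2-HMAC-SHA256 record next to an unsalted MD5 one. The record format, the function names and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune it to your own login latency budget


def md5_record(password: str) -> str:
    """Unsalted MD5: one fast hash, identical for every account with this password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def kdf_record(password: str, iterations: int = ITERATIONS) -> str:
    """Salted PBKDF2-HMAC-SHA256 record in the form 'iterations$salt_hex$key_hex'."""
    salt = os.urandom(16)  # fresh random salt per account
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${key.hex()}"


def kdf_verify(password: str, record: str) -> bool:
    """Recompute the key with the stored salt and compare in constant time."""
    iterations, salt_hex, key_hex = record.split("$")
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(key, bytes.fromhex(key_hex))


def same_password_two_accounts(password: str) -> dict:
    """Store one password for two constructed accounts under both schemes."""
    a, b = kdf_record(password), kdf_record(password)
    return {
        # Equal digests mean one precomputed hash exposes both accounts.
        "md5_records_equal": md5_record(password) == md5_record(password),
        # Different salts mean every account has to be attacked separately,
        # and each guess costs ITERATIONS hash computations instead of one.
        "kdf_records_equal": a == b,
        "both_verify": kdf_verify(password, a) and kdf_verify(password, b),
    }


if __name__ == "__main__":
    print(same_password_two_accounts("password1"))
```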


Unfortunately, a lot of the Internet isn’t even up to the SHA-256 standard yet. An article published by ZDNet in mid-2019 claimed that 25% of major CMSs still use MD5 hashing. For those unfamiliar, a CMS is a Content Management System, and it is what a majority of websites use to run and manage their entire frontend and backend. Popular ones include WordPress and SugarCRM. To give you a sense of their popularity, a study published by W3Techs in 2018 claimed that 30% of the Internet’s websites are powered by WordPress, and WordPress is one of the CMSs that use MD5 hashing for password storage.

Storing passwords as MD5 hashes is better than storing them in plaintext, but it isn’t much better. It’s choosing between living on the side of a road, or living on the side of a road with a tent. Benchmarks on a rig with 8 NVIDIA 1080ti graphics cards show Hashcat running 200 giga-hashes per second, which means it is iterating through 200,000,000,000 MD5 hashes per second, or 720 trillion MD5 hashes per hour. If you recall the hashing link I let you play with earlier, you can just think of a computer doing exactly what you were doing — typing in words and seeing what the hashes are — except at a much more rapid rate. Referring back to the 3 quadrillion combinations, that means that the 8-GPU rig could crack a password in 4.2 hours or less.

How Brute Forcing Works (Continued)

After they obtain the information from the data breach, the hacker can start the hack. For a very simple example of what the contents of a data breach may look like, take a look at this Pastebin I found by just Googling “Pastebin md5 hash.” The password is in the form of an MD5 hash, separated from the email by a colon.


[Image: Pastebin screenshot]
Pastebin (I have put in censors to preserve the privacy of these accounts in the screenshot, but the Pastebin contains the full text.)

From here, the hacker needs two things:


  1. A program that will automatically try out different combinations of characters and compare the results with the hashes from the list to figure out the passwords.
  2. Hardware that will be both fast and economical enough for the hacker to crack the passwords in a short amount of time without spending so much money that it makes it economically illogical for him or her to even attempt to crack the password.

The first part is pretty easy. There are free, open source tools out there that do exactly as requested, such as Hashcat or John the Ripper. The second part, obtaining the hardware, may sound more complicated, but with cloud services, those parts can be sourced quickly and cheaply.


If you recall from the last paragraph in the A Briefer on Hashing section above, I talked about how an 8-GPU rig can crack an 8-character, MD5 hash password within 4 hours by just random guessing. On the one hand, 8 1080ti GPUs sound expensive, especially since those graphics cards are fairly high-end. On the other hand, with cloud computing, you can rent out the GPUs by the hour and for a significantly lower cost.

For example, on Amazon AWS, you can get a p3.2xlarge instance, which is a machine that contains a very powerful GPU, for $3.06 per hour. Eight of those would cost $24.48 per hour, and running them for 5 hours would cost $122.40. Give it a bit more wiggle room and round up to $150. This is a very basic estimate, only based on standard pricing; alternative ways of obtaining the resources can be even cheaper. For example, using AWS Spot Pricing, you can reduce the price of the p3.2xlarge from the original $3.06 to $1.04, which reduces the cost of obtaining the same password from $122.40 down to just $41.60. For less than $50, someone can crack the average password using open source tools that facilitate the password-guessing process. But it gets even easier due to the predictability of passwords.

Predictable Passwords Give Method to the Madness

From the microcosm that is our everyday lives, we think that we are somehow unique, and everything we do and create is unique. Unfortunately, that’s not true, at least not when it comes to passwords. Human-created passwords are embarrassingly predictable because our brains aren’t built like computer chips, and data storage/recall is easier if it isn’t random. Maybe that’s what makes us different from AI — we are less impressive when it comes to memory and processing.


[Image: What 10 million passwords reveal about the people who choose them]

A while back, WordPress Engine published an article on password security based on an analysis of over 10 million leaked passwords. The most common password in that study was 123456. That was followed by password, 12345678, qwerty, 123456789, and 12345. While the article did not have a publication date, the password types hint that it might be a bit outdated; nowadays, passwords require certain combinations of letters, numbers, and sometimes even symbols.


That being said, the patterns of the top 6 most-used passwords are alarming. Four of the six are just a sequence of numbers, one of them is literally the word password, and qwerty is just moving your fingers across the keyboard. Figure 1 shows the most common numbers that end a password; 1 ranks first by a long shot, taking up 23.84% of the total times a password ends in a number. As the smartest species on the planet, it’s true that great minds think alike — all our passwords are basically the same! Even former U.S. President Barack Obama admitted to using passwords like 1234567 and password.

This predictability makes the process of brute-forcing a password easier, because a hacker can now go through permutations of the most common passwords. In fact, brute-forcing the most common passwords is extremely easy because the hashes of those passwords are likely already stored somewhere — either locally or in some Pastebin somewhere. With that information, brute-forcing isn’t even necessary. The hacker just needs to CTRL+F and see if any of the hashes from the list of compromised accounts matches the hashes he or she already has. If you recall, a hash is unique, which means that any match is an already revealed password.

Different permutations of passwords can also be prioritized. For example, before going into a full-on brute-force of random characters, a hacker may want to try out different combinations of the word password plus some numbers. Maybe 0–999. So it would look like password_ _ _.
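
A defender's counterpart to the patterns described in this section, as an added example that is not part of the original article: a registration-time screen that rejects the candidates the article calls predictable. The function names, the 16-character minimum and the keyboard rows are choices made for this example; the common-password list is the six passwords named above.

```python
import re

# The six most common passwords named in the study the article cites.
COMMON = {"123456", "password", "12345678", "qwerty", "123456789", "12345"}
# Assumed US keyboard rows, used to spot "finger walk" passwords like qwerty.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 16  # assumed policy, taken from the length the article recommends


def is_keyboard_walk(text: str) -> bool:
    """True if text is a run of 4+ adjacent keys on one row, in either direction."""
    return len(text) >= 4 and any(
        text in row or text in row[::-1] for row in KEYBOARD_ROWS
    )


def screen_password(candidate: str) -> list[str]:
    """Return the reasons a candidate is predictable; an empty list means it passed."""
    reasons = []
    lowered = candidate.lower()
    # "password" followed by 0-999 is the prioritized pattern the article
    # describes, so strip up to three trailing digits before the lookup.
    base = re.sub(r"\d{1,3}$", "", lowered)
    if len(candidate) < MIN_LENGTH:
        reasons.append("shorter than 16 characters")
    if lowered in COMMON:
        reasons.append("on the common-password list")
    elif base in COMMON:
        reasons.append("common password plus a numeric suffix")
    if lowered.isdigit():
        reasons.append("digits only")
    if is_keyboard_walk(lowered):
        reasons.append("keyboard-row walk")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("123456", "password1", "Qwerty123", "maple-Orbit-47-lantern-quiet"):
        print(sample, "->", screen_password(sample) or "accepted")
```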


Improve Your Password Security

At the very least, increase the length of your password. If you’re using 8 characters, there are 3 quadrillion possible combinations that make up your password. By adding just 1 extra character, you increase that number by almost 100x, which means that someone would need 100x more resources in order to justify cracking a password. At 16 characters, it’s 36,079,602,200,334,571,635,466,603,985,857 possible combinations. I don’t even know what to call that number, but relationally, it’s 11.9 quadrillion times stronger than an 8-character password. That would take an 8-GPU rig up to 5.7 trillion years to crack, compared to 4.2 hours with an 8-character password.
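
The arithmetic behind the figures in this article, as an added example (not code from the original author). It assumes, as a reconstruction, that the 8-character total counts only passwords containing at least one character from each of the four classes, which reproduces 3,025,989,069,143,040 exactly; the 16-character total is used as quoted in the article rather than recomputed.

```python
from itertools import combinations

# Character classes as counted in the article.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "special": 33}
# The article's 8-GPU Hashcat MD5 benchmark: 200 giga-hashes per second.
HASHES_PER_SECOND = 200_000_000_000
# 16-character total exactly as quoted in the article.
ARTICLE_16_CHAR_KEYSPACE = 36_079_602_200_334_571_635_466_603_985_857


def keyspace(length: int, require_every_class: bool = True) -> int:
    """Count the passwords of exactly `length` characters.

    With require_every_class=True (an assumption of this example), strings
    missing any class are removed by inclusion-exclusion over the classes.
    """
    sizes = list(CLASSES.values())
    alphabet = sum(sizes)  # 95 characters in total
    if not require_every_class:
        return alphabet ** length
    count = 0
    for k in range(len(sizes) + 1):
        # Add or subtract the strings that avoid k chosen classes entirely.
        for excluded in combinations(sizes, k):
            count += (-1) ** k * (alphabet - sum(excluded)) ** length
    return count


def hours_to_exhaust(candidates: int, rate: int = HASHES_PER_SECOND) -> float:
    """Worst-case hours to hash every candidate once at `rate` hashes per second."""
    return candidates / rate / 3600


def years_to_exhaust(candidates: int, rate: int = HASHES_PER_SECOND) -> float:
    """Worst-case years (365-day years) to hash every candidate once."""
    return hours_to_exhaust(candidates, rate) / 24 / 365


if __name__ == "__main__":
    eight = keyspace(8)
    print(f"8 characters: {eight:,} candidates, {hours_to_exhaust(eight):.1f} hours")
    sixteen_years = years_to_exhaust(ARTICLE_16_CHAR_KEYSPACE)
    print(f"16 characters: {sixteen_years / 1e12:.1f} trillion years")
```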


Use Two-Factor (2FA) Authentication

Two-factor authentication is great for reasons that go beyond account protection; in the event that someone obtains your password, that person still cannot access your account without also inputting a secondary password. Ideally, you should use a 2FA service like Google Authenticator or Authy, which works very differently from text-message 2FA. Without going into too much detail, the fact is that text-message 2FA is a weak, vulnerable method because chances are that leaked data breaches will not only contain username/email/password information but likely phone numbers, too. With that information, hackers can obtain text-message 2FAs that should otherwise be going to your phone.


Use a Password Manager

There’s one thing I hate about password managers: the more you use them, the more vendor lock-in you have. For example, if you use a password generator that is stored on Google Chrome, the Chrome browser will save your password for future use, but if you attempt to use another browser like Microsoft Edge or Mozilla Firefox, you will not have that password saved. Worse, each password is unique and randomly generated for each website, which means you are unlikely to remember any of them. But that’s the good thing — password managers create amazingly strong passwords that will increase your Internet security in a way that you couldn’t do yourself.

Check If You’re Already Compromised

It’s unlikely that a hacker will magically guess your password through login attempts on a website — by the time they are trying to log in, chances are they already obtained your password. A good way to check if your username/password or other information was leaked is to enter your email address(es) on HaveIBeenPwned. That website monitors the Internet to find emails that are traced back to data breaches. It’s a free service that also alerts you via email every time it finds one of your emails in a data breach. If you’re ever notified, then it’s a good idea to change your password immediately on the compromised account, as well as on other accounts that have the same password.


Translated from: https://medium.com/@kennymuli/password-cracking-is-easy-heres-how-to-do-it-875806a1e42a
