Does anyone else find it a bit off-color to crack a password at all without permission? It seems to me like taking a photograph of a person in the shower then saying "yeah but we'll only publish the nude photo with permission." Yeah the password is no longer secure and bad people do bad things like this ilegally all the time - so don't be one of them, it's just yuk. Have some respect for privacy and don't invade it without permission FIRST.
Maybe a correct title is creeps crack Bill Joy's password without permission - or did they get permission first?
Apparently it's off-color to dare suggest password cracking without permission is an invasion of privacy(!) I don't recall anyone suggesting private passwords have no expectation of privacy myself but clearly people here think it to be so. So that's weird and just a bit creepy.
In what way is cracking a password hash an invasion of privacy? The act itself is completely harmless and legal; it is only a problem if you use said password to actually access the person's systems.
It is also part of the hacker culture to test other people's security in a white-hat manner. This is a good thing.
If my password were weak enough to be cracked in this way, I'd certainly prefer someone do it and tell me to change my password rather than use it for their own gain.
As for off-color, name-calling is generally frowned upon even if you have a point. If you disagree, it's best to keep your tone neutral
Breaching someone's privacy where they have the reasonable expectation of having privacy is a problem always in all circumstances. Does the benefit outweigh it? Not in this case.
You crack and you know what kind of thing that person uses for a pass phrase. If they created their pass phrase with the belief that it was private it could very well be something they don't wan't published. something like "I like big butts and I cannot lie" is the least embarrassing thing. Do they love Sir Mixalot? Are they mysognist? Was it somethign they just overheard and used with zero thought? There should be no such speculation because we shouldn't even know. You shouldn't have to explain what you've used or justify it because you have the complete expectation of privacy. It's a private thought with private context - "get the hell out of my mind - I didn't ask you in here", I don't want you to form opinions about a private thought. I don't want you or anyone anywhere near my private thoughts.
Creep is a generally farily well accepted pejoritive term for someone who wilfully invades privacy for their own amusement. I do mean it to be pejoritive. It is reasonable to form the view that being pejorative in this case has merits. But sure, disagree all you like, make the case, no doubt the NSA would agree the privacy invasion is ok.
This is not security testing. This is straight up curiousity & giggles of "what did $famous_person use for a pass phrase?" It's nobody's business. If you want to know, ask. If the person has forgotten and gives you permission, then you crack like a well mannered and respectful human being.
I think that is an entirely reasonable point of view. If it stung some people then that's worthwhile.
Maybe a correct title is creeps crack Bill Joy's password without permission - or did they get permission first?