Also, reminded me about this tremendous presentation (I recommend watching it all, although it takes 45 minutes for all 3 parts): https://www.youtube.com/watch?v=84WI-jSgNMQ
@Moon@vriska Oh god, I can see that happening. We had an HP printer that listened on port 9000. Anything piped there, it would print. No firewalls, no passwords, no nothing. It was their network printing solution before JetDirect.
@Moon@vriska My "password manager" remembers 788 password entities, although not all of them are for websites. Some are for LUKS, some are for routers, etc. The first password it remembers is for "Java development", and the 2nd is for Avogato. It only had 8 characters! I put the manager in quotes because there's no manager. I just store passwords in files and encrypt them with PGP. This excludes my mobile devices, but fortunately I do not lead a mobile life. On the upside, large-scale intrusions at password managers do not affect me.
@Moon@vriska One of the first systems that I worked on had 3-letter passwords. I was an undergrad back then, mind. So, after some snooping around I found that it kept them in a 16-bit word. That immediately made me think about Radix-50 encoding, and after some quick cryptanalysis in Fortran IV, I found that the encryption was a rotation left by 5 bits. The master password was "WOW". Using this information, I went around universities in the city, penetrating student terminal rooms, and getting privileged access. For one of them, I forged a student ID by using a pencil and a piece of paper that I attached to my own ID with small chunks of bread in lieu of removable adhesive. When the developers heard about this, they updated the system to keep 8-character passwords in a separate file, accessible with a special syscall, and modified all utilities of course.