Snapshot of uploaded contact data from calendar (skycure.com)

There is not other way but to check my password against the combo_not.txt found via Filestube. People already posted howto check this, the easiest way is doing a single line in the shell:

$ printf bandito | openssl sha1 | cut -c10- | grep -f - combo_not.txt
00000d40df69b72328229d2425714f40d7d9a7a3

Bingo! a match there for the password “bandito” (I choose this randomly expecting some person out there is using it). Another way (for comparison as I’m no security expert) is by this short python script (slightly altered from Phobos Technology blog post):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

"""
Save this file as linkedin_hash.py and ensure it's
in the same folder as combo_not.txt
Usage: python linkedin_hash.py hunter2
"""
from hashlib import sha1
import sys
password = sys.argv[1]
hsh = sha1(password).hexdigest()
print "SHA-1: %s" % hsh
x = 0
for line in open('combo_not.txt','r'):
    if hsh == line.strip():
        x += 1
    elif "00000" + hsh[5:] == line.strip():
        x += 1
        print "Matching line: %s" % line
print "Number of matches: %d" % x

My verdict is: my password is on the list and I’m considering a leap of faith from devoted conspiracy believer.

PS: I don’t find that “password” or “123456″ as common passwords used by many people.
PPS: A side story: Indonesians are found to be using weakest passwords (as research over Yahoo ID revealed)