> His password: netflix pA5$word the net is flickering
I don't get it that you say that "netflix" in this password has no more worth than a single character. How can the cracker know that this is "netflix" and not "netfli " or "neTflix"?
Furthermore, it's not like the password reveals itself during the process. Untill all characters are found, there should be no logic in the result, or am I wrong?
I thought he uses the unchanged service name as a prefix. If I had the chance bruteforce netflix accounts with a dictionary I'd definitely have "netflix" as one of my dictionary words to it (and Netflix and netflix.com and Netflix.com etc).
I assume netflix is in the dictionary for all word based bruteforce attack. It's just a prefix word in the scheme that is super easy to remember, it's in the url. And an attacker can't know whether it's www.netflix.com, www.netflix.se, Netflix, NETFLIX, in the beginning, in the end or any number of variants that could be used consistently in the scheme. The main part is that I can remember it as "service name lower case" "breaker string" "words".
I don't get it that you say that "netflix" in this password has no more worth than a single character. How can the cracker know that this is "netflix" and not "netfli " or "neTflix"?
Furthermore, it's not like the password reveals itself during the process. Untill all characters are found, there should be no logic in the result, or am I wrong?