**The Victors of Freedom: The Story of a Little Jar**
Ettore and I had known each other for years, but we became real friends only a couple of summers ago. We had both just come through a difficult second divorce. We did not throw ourselves into alcohol, far from it: sport, bicycles, morning runs. It was not wine that united us, but freedom. And the fear of losing it again.
Ettore came out of his marriage as if he had been run over by a steamroller, not by the court but by life itself. His ex had unleashed a war over every plate, every emotion, every silver teaspoon. I got away with less damage, but certainly not to applause. We freed ourselves almost together, as if we had taken sacks of cement off our shoulders.
I remember well that evening when we were cycling along the avenues of Parco Sempione in Milan, when he suddenly let go of the handlebars, spread his arms and shouted at the top of his lungs:
“Free-do-o-om!”
The neighborhood dogs barked, the grandmothers crossed themselves, and we laughed like two escapees from an asylum. But it was happiness. Pure, loud, sincere.
For a year we lived as free men: no obligations, no complaints, no annoyances of domestic life. We grew thinner, younger, we got up at dawn. Married life, it seems, not only ages the soul, it also fattens the body. But freedom heals.
One evening I went to Ettore’s; he had bought a new bicycle and wanted to show it to me. While we were fiddling in the hallway, the chain got smeared with oil, and I went to the bathroom to wash up. And there it was. A small pink bottle on the shelf. Cosmetics. Women’s.
“Ettò!” I shouted sosp

# 2pass
A simple password rating application
This is a simple application to estimate what can be learned about a password’s strength by breaking it into 2 halves.
The process:
1. Break the password into two equal length parts. If the password has an odd length, the first half is 1 character longer (for 7 character passwords it’s 4/3 not 3/4)
1. Check each half against a database of cracked passwords (such as Have I Been Pwned). Give each a “strength” based on prevalence.
1. Use the strength of the two halves to estimate the strength of the password.
Why? Because the strength of a password of length N is often estimated as 2 times the strength of a password of length N/2. Obviously, this isn’t always the case (the strength of “passwordpassword” isn’t much more than “password”, if indeed it is), but it’s a useful rule of thumb.
For example, if we consider the password “correcthorsebatterystaple”:
1. Break into “correcthorse” and “batterystaple”
1. Check “correcthorse” (not found in HIBP) and “batterystaple” (found once in HIBP, which indicates it might be a commonly used phrase)
1. The password “correcthorsebatterystaple” is measurably weaker than the sum of the parts
Another example, the password “9654American”
1. Break into “9654Am” and “erican”
1. Check “9654Am” (not found in HIBP) and “erican” (found 48 times, which indicates some possible dictionary words)
1. While a password of 11 characters is reasonably strong (assuming random alphanumeric characters), a quick check shows that the second half is using dictionary characters.
In both cases, these are likely better than most passwords, but they’re not as good as one might expect from looking at the size alone.
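The three-step process above, as an added Python example (it is not the project's `query.py`). It splits at `len // 2`, which is the split the worked examples show (“correcthorse” / “batterystaple”). The one-password-and-count-per-line layout, the function names and the verdict labels are assumptions made for illustration.

```python
import io

# Constructed sample in an assumed "password count" per-line layout,
# reusing counts quoted in this README.
SAMPLE = """\
password 3645804
erican 48
batterystaple 1
"""

def load_counts(fh):
    """Parse 'password count' lines into a dict; skip malformed lines."""
    counts = {}
    for line in fh:
        # rpartition keeps passwords that themselves contain spaces intact
        word, _, n = line.rstrip("\n").rpartition(" ")
        if word and n.isdecimal():
            counts[word] = int(n)
    return counts

def split_halves(pw):
    """Split as the worked examples do: for odd lengths the second
    half gets the extra character."""
    mid = len(pw) // 2
    return pw[:mid], pw[mid:]

def rate(pw, counts):
    """Return (verdict, whole_count, first_half_count, second_half_count)."""
    first, second = split_halves(pw)
    whole_n = counts.get(pw, 0)
    first_n, second_n = counts.get(first, 0), counts.get(second, 0)
    if whole_n:
        verdict = "weak"  # the full password is in the corpus
    elif first_n and second_n:
        verdict = "both halves known"
    elif first_n:
        verdict = "first half known"
    elif second_n:
        verdict = "second half known"
    else:
        verdict = "not found"
    return verdict, whole_n, first_n, second_n

if __name__ == "__main__":
    table = load_counts(io.StringIO(SAMPLE))
    for candidate in ("password", "passwordpassword", "9654American",
                      "correcthorsebatterystaple", "Zq7!vR2#"):
        print(candidate, rate(candidate, table))
```

“passwordpassword” comes back as “both halves known”, which is the doubling caveat from the rule of thumb above: its length suggests more strength than its halves deliver.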
To use this tool, you’ll need a copy of [Have I Been Pwned’s password file(s)](https://haveibeenpwned.com/Passwords). Once you have them, you’ll need to sort them in order from most popular to least popular (they come in that order in the downloadable files). The Python script takes the file as an argument and lets you query passwords.
For example (using the first 100 lines of the million password file):
```
$ ./query.py pwned-passwords-1.0.txt
Enter password to check (or CTRL-D to exit): password
password 3645804
0.5 password not found in database
0.5 password not found in database
password is weak
Enter password to check (or CTRL-D to exit): 123456
123456 2423055
0.5 123 not found in database
0.5 456 not found in database
123456 is weak
Enter password to check (or CTRL-D to exit): trustno1
trustno1 326394
0.5 trus not found in database
0.5 tno1 not found in database
trustno1 is weak
Enter password to check (or CTRL-D to exit): letmein
letmein 221195
0.5 let not found in database
0.5 mein not found in database
letmein is weak
Enter password to check (or CTRL-D to exit): whatever
whatever 87368
0.5 what not found in database
0.5 ever not found in database
whatever is weak
Enter password to check (or CTRL-D to exit): sunshine
sunshine 47353
0.5 suns not found in database
0.5 hine not found in database
sunshine is weak
Enter password to check (or CTRL-D to exit): freedom
freedom 46142
0.5 fre not found in database
0.5 edom not found in database
freedom is weak
Enter password to check (or CTRL-D to exit): dragon
dragon 41991
0.5 dra not found in database
0.5 gon not found in database
dragon is weak
Enter password to check (or CTRL-D to exit): qwerty
qwerty 38289
0.5 qwe not found in database
0.5 rty not found in database
qwerty is weak
Enter password to check (or CTRL-D to exit): ferrari
ferrari 36803
0.5 fer not found in database
0.5 rari not found in database
ferrari is weak
Enter password to check (or CTRL-D to exit): hunter2
hunter2 35866
0.5 hun not found in database
0.5 ter2 not found in database
hunter2 is weak
Enter password to check (or CTRL-D to exit): correcthorsebatterystaple
0.5 correcthorse not found in database
0.5 batterystaple 1
correcthorsebatterystaple is not terrible, but the second half is known
Enter password to check (or CTRL-D to exit): 9654American
0.5 9654Am not found in database
0.5 erican 48
9654American is not terrible, but the second half is known
Enter password to check (or CTRL-D to exit): ^D
```