Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 21 Aug 2020 06:38:48 +0200
From: Albert Veli <>
Subject: Re: any experience with hasheshorg2019 wordlist?

On Tue, Aug 18, 2020 at 6:22 PM Royce Williams <> wrote:
> I'll have to disagree with you there. :) The founds contain 100%
> of RockYou - as well as 100% of other similar plaintext leaks (such as the
> more recent LiveJournal leak) - due to their presence in other lists (such
> as the Have I Been Pwned corpus). Since these were cracked using those
> original plaintexts, they are fully represented.
> The leaks on are from a variety of sources, platforms, and time
> periods - and therefore a variety of demographics / cultures / countries.
> Also, the crack rate for fast hashes is much higher - on the order of 99%
> and up for many leaks based on fast hashes. And the success rate is
> constantly going up, as new leaks are made public elsewhere and are used as
> raw material to attack old lists.
> For these reasons, the superset of all "founds" is one of the
> most efficient broad-spectrum attack wordlists (that is publicly and freely
> available) for real human passwords.

Thanks! I didn't know they had such high crack rate. The fully
plaintext leaks and any 99+% lists are definitely good to use for
statistics. I have to check it out.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.