Date: Fri, 21 Aug 2020 06:38:48 +0200 From: Albert Veli <albert.veli@...il.com> To: john-users@...ts.openwall.com Subject: Re: any experience with hasheshorg2019 wordlist? On Tue, Aug 18, 2020 at 6:22 PM Royce Williams <royce@...ho.org> wrote: > > I'll have to disagree with you there. :) The hashes.org founds contain 100% > of RockYou - as well as 100% of other similar plaintext leaks (such as the > more recent LiveJournal leak) - due to their presence in other lists (such > as the Have I Been Pwned corpus). Since these were cracked using those > original plaintexts, they are fully represented. > > The leaks on hashes.org are from a variety of sources, platforms, and time > periods - and therefore a variety of demographics / cultures / countries. > > Also, the crack rate for fast hashes is much higher - on the order of 99% > and up for many leaks based on fast hashes. And the success rate is > constantly going up, as new leaks are made public elsewhere and are used as > raw material to attack old lists. > > For these reasons, the superset of all hashes.org "founds" is one of the > most efficient broad-spectrum attack wordlists (that is publicly and freely > available) for real human passwords. > Thanks! I didn't know they had such high crack rate. The fully plaintext leaks and any 99+% lists are definitely good to use for statistics. I have to check it out. //Albert
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.