Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 2 May 2021 23:38:55 +0200
From: Solar Designer <>
Subject: Re: source of information for John's charset files

On Sun, May 02, 2021 at 11:21:34PM +0200, Solar Designer wrote:
> Anyway, I just ran some tests the other way around - "cracking" RockYou
> passwords.  I didn't try excluding RockYou itself from the training sets
> here - can't do that while including our current .chr files in the
> comparison.  So this is in-sample testing, which is generally a wrong
> thing to do, but with that in mind here are the results for different
> training sets (all are for incremental mode and 1 billion candidates):
> RockYou with dupes - 20.2%
> RockYou unique - 21.9%
> HIBPv7 cracked - 17.9%
> The percentages cracked are those of RockYou unique.
> Not surprisingly, RockYou is best fit for itself.  HIBP is an acceptable
> fit as well.  It could have potentially performed better than RockYou
> on this test due to its larger size, but as we can see that was not
> enough to overcome it not being such a perfect fit as RockYou itself.

FWIW, RockYou unique being best fit for itself persists after I shuffled
it and split it into a 1M test set and 13.3M training set (no matching
passwords in the sets, but both sets are parts of RockYou).  Got 21.5%.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.