Difference between revisions of "Passwords"

From SkullSecurity
Jump to navigation Jump to search
Line 49: Line 49:


The best use of these is to generate or test password lists.  
The best use of these is to generate or test password lists.  
Note: The dates are approximate.
<table style='border-width: 1px; border-spacing: 2px; border-color: gray; border-style: outset; border-collapse: separate; color: #c0c0c0; font-size: 8pt;'>
<table style='border-width: 1px; border-spacing: 2px; border-color: gray; border-style: outset; border-collapse: separate; color: #c0c0c0; font-size: 8pt;'>
  <tr>
  <tr>
Line 54: Line 56:
   <td width='280'><strong>Compressed</strong></td>
   <td width='280'><strong>Compressed</strong></td>
   <td width='280'><strong>Uncompressed</strong></td>
   <td width='280'><strong>Uncompressed</strong></td>
  <td width='50'><strong>Date</strong></td>
   <td><strong>Notes</strong></td>
   <td><strong>Notes</strong></td>
  </tr>
  </tr>
Line 61: Line 64:
   <td>[http://downloads.skullsecurity.org/passwords/rockyou.txt.bz2 rockyou.txt.bz2] (60,498,886 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/rockyou.txt.bz2 rockyou.txt.bz2] (60,498,886 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/rockyou.txt rockyou.txt] (139,921,497 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/rockyou.txt rockyou.txt] (139,921,497 bytes)</td>
  <td rowspan='2'>2009-12</td>
   <td rowspan='2'>Best list available; huge, stolen unencrypted</td>
   <td rowspan='2'>Best list available; huge, stolen unencrypted</td>
  </tr>
  </tr>
Line 73: Line 77:
   <td>[http://downloads.skullsecurity.org/passwords/phpbb.txt.bz2 phpbb.txt.bz2] (868,606 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/phpbb.txt.bz2 phpbb.txt.bz2] (868,606 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/phpbb.txt phpbb.txt] (1,574,395 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/phpbb.txt phpbb.txt] (1,574,395 bytes)</td>
  <td rowspan='3'>2009-01</td>
   <td rowspan='3'>Ordered by commonness<br>Cracked from md5 by Brandon Enright<br>(97%+ coverage)</td>
   <td rowspan='3'>Ordered by commonness<br>Cracked from md5 by Brandon Enright<br>(97%+ coverage)</td>
  </tr>
  </tr>
Line 90: Line 95:
   <td>[http://downloads.skullsecurity.org/passwords/myspace.txt.bz2 myspace.txt.bz2] (175,970 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/myspace.txt.bz2 myspace.txt.bz2] (175,970 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/myspace.txt myspace.txt] (356,352 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/myspace.txt myspace.txt] (356,352 bytes)</td>
  <td rowspan='2'>2006-10</td>
   <td rowspan='2'>Captured via phishing</td>
   <td rowspan='2'>Captured via phishing</td>
  </tr>
  </tr>
Line 102: Line 108:
   <td>[http://downloads.skullsecurity.org/passwords/hotmail.txt.bz2 hotmail.txt.bz2] (47,195 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/hotmail.txt.bz2 hotmail.txt.bz2] (47,195 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/hotmail.txt hotmail.txt] (87,383 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/hotmail.txt hotmail.txt] (87,383 bytes)</td>
  <td rowspan='2'>Unknown</td>
   <td rowspan='2'>Isn't clearly understood how these were stolen</td>
   <td rowspan='2'>Isn't clearly understood how these were stolen</td>
  </tr>
  </tr>
Line 111: Line 118:
   
   
  <tr>
  <tr>
   <td>Faithwriters</td>
   <td>[http://forums.crosswalk.com/m_4252083/mpage_1/tm.htm Faithwriters]</td>
   <td>[http://downloads.skullsecurity.org/passwords/faithwriters.txt.bz2 faithwriters.txt.bz2] (39,327 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/faithwriters.txt.bz2 faithwriters.txt.bz2] (39,327 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/faithwriters.txt faithwriters.txt] (72,695 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/faithwriters.txt faithwriters.txt] (72,695 bytes)</td>
  <td rowspan='2'>2009-03</td>
   <td rowspan='2'>Religious passwords</td>
   <td rowspan='2'>Religious passwords</td>
  </tr>
  </tr>
Line 126: Line 134:
   <td>[http://downloads.skullsecurity.org/passwords/elitehacker.txt.bz2 elitehacker.txt.bz2] (3,690 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/elitehacker.txt.bz2 elitehacker.txt.bz2] (3,690 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/elitehacker.txt elitehacker.txt] (6,516 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/elitehacker.txt elitehacker.txt] (6,516 bytes)</td>
  <td rowspan='2'>2009-07</td>
   <td rowspan='2'>Part of zf05.txt</td>
   <td rowspan='2'>Part of zf05.txt</td>
  </tr>
  </tr>
Line 138: Line 147:
   <td>[http://downloads.skullsecurity.org/passwords/hak5.txt.bz2 hak5.txt.bz2] (16,490 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/hak5.txt.bz2 hak5.txt.bz2] (16,490 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/hak5.txt hak5.txt] (24,714 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/hak5.txt hak5.txt] (24,714 bytes)</td>
  <td rowspan='2'>2009-07</td>
   <td rowspan='2'>Part of zf05.txt</td>
   <td rowspan='2'>Part of zf05.txt</td>
  </tr>
  </tr>
Line 150: Line 160:
   <td>[http://downloads.skullsecurity.org/passwords/alysaa.txt.bz2 alysaa.txt.bz2] (5,178 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/alysaa.txt.bz2 alysaa.txt.bz2] (5,178 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/alysaa.txt alysaa.txt] (11,634 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/alysaa.txt alysaa.txt] (11,634 bytes)</td>
  <td rowspan='2'>2010-03</td>
   <td rowspan='2'>Finnish passwords</td>
   <td rowspan='2'>Finnish passwords</td>
  </tr>
  </tr>
Line 162: Line 173:
   <td>[http://downloads.skullsecurity.org/passwords/facebook-pastebay.txt.bz2 facebook-pastebay.txt.bz2] (375 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/facebook-pastebay.txt.bz2 facebook-pastebay.txt.bz2] (375 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/facebook-pastebay.txt facebook-pastebay.txt] (500 bytes)</td>
   <td>[http://downloads.skullsecurity.org/passwords/facebook-pastebay.txt facebook-pastebay.txt] (500 bytes)</td>
  <td rowspan='2'>2010-04</td>
   <td rowspan='2'>Found on Pastebay;<br>appear to be malware-stolen.</td>
   <td rowspan='2'>Found on Pastebay;<br>appear to be malware-stolen.</td>
</tr>
</tr>

Revision as of 15:01, 9 July 2010

Password dictionaries

These are dictionaries that come with tools/worms/etc, designed for cracking passwords. As far as I know, I'm not breaking any licensing agreements by mirroring them with credit; if you don't want me to host one of these files, let me know and I'll remove it.

Name Compressed Uncompressed Notes
John the Ripper john.txt.bz2 (10,934 bytes) john.txt (21,935 bytes) Simple, extremely good, designed to be modified
Cain & Able cain.txt.bz2 (1,069,968 bytes) cain.txt (3,149,586 bytes) Fairly comprehensive, not ordered
Conficker worm conficker.txt.bz2 (1411 bytes) conficker.txt (702 bytes) Used by conficker worm to spread -- low quality
500 worst passwords 500-worst-passwords.txt.bz2 (1868 bytes) 500-worst-passwords.txt (3493 bytes)
370 Banned Twitter passwords twitter-banned.txt.bz2 (1509 bytes) twitter-banned.txt (2780 bytes)


Leaked passwords

Passwords that were leaked or stolen from sites. I'm hosting them because it seems like nobody else does (hopefully it isn't because hosting them is illegal :)). Naturally, I'm not the one who stole these; I simply found them online, removed any names/email addresses/etc (I don't see any reason to supply usernames -- if you do have a good reason, email me (ron-at-skullsecurity.net) and I'll see if I have them.

The best use of these is to generate or test password lists.

Note: The dates are approximate.

Name Compressed Uncompressed Date Notes
Rockyou rockyou.txt.bz2 (60,498,886 bytes) rockyou.txt (139,921,497 bytes) 2009-12 Best list available; huge, stolen unencrypted
Rockyou with count rockyou-withcount.txt.bz2 (59,500,255 bytes) rockyou-withcount.txt (254,676,625 bytes)
phpbb phpbb.txt.bz2 (868,606 bytes) phpbb.txt (1,574,395 bytes) 2009-01 Ordered by commonness
Cracked from md5 by Brandon Enright
(97%+ coverage)
phpbb with count phpbb-withcount.txt.bz2 (872,867 bytes) phpbb-withcount.txt (3,049,507 bytes)
phpbb with md5 phpbb-withmd5.txt.bz2 (4,117,887 bytes) phpbb-withmd5.txt (7,659,241 bytes)
MySpace myspace.txt.bz2 (175,970 bytes) myspace.txt (356,352 bytes) 2006-10 Captured via phishing
MySpace - with count myspace-withcount.txt.bz2 (179,929 bytes) myspace-withcount.txt (653,504 bytes)
Hotmail hotmail.txt.bz2 (47,195 bytes) hotmail.txt (87,383 bytes) Unknown Isn't clearly understood how these were stolen
Hotmail with count hotmail-withcount.txt.bz2 (47,975 bytes) hotmail-withcount.txt (158,831 bytes)
Faithwriters faithwriters.txt.bz2 (39,327 bytes) faithwriters.txt (72,695 bytes) 2009-03 Religious passwords
Faithwriters - with count faithwriters-withcount.txt.bz2 (40,233 bytes) faithwriters-withcount.txt (139,480 bytes)
Elitehacker elitehacker.txt.bz2 (3,690 bytes) elitehacker.txt (6,516 bytes) 2009-07 Part of zf05.txt
Elitehacker - with count elitehacker-withcount.txt.bz2 (3,846 bytes) elitehacker-withcount.txt (13,676 bytes)
Hak5 hak5.txt.bz2 (16,490 bytes) hak5.txt (24,714 bytes) 2009-07 Part of zf05.txt
Hak5 - with count hak5-withcount.txt.bz2 (16,947 bytes) hak5-withcount.txt (43,522 bytes)
Alysaa alysaa.txt.bz2 (5,178 bytes) alysaa.txt (11,634 bytes) 2010-03 Finnish passwords
Alysaa - with count alysaa-withcount.txt.bz2 (6,013 bytes) alysaa-withcount.txt (22,706 bytes)
Facebook (Pastebay) facebook-pastebay.txt.bz2 (375 bytes) facebook-pastebay.txt (500 bytes) 2010-04 Found on Pastebay;
appear to be malware-stolen.
Facebook (Pastebay) - w/ count facebook-pastebay-withcount.txt.bz2 (407 bytes) facebook-pastebay-withcount.txt (940 bytes)

Coverage (Rockyou)

I did some calculations and determined how many passwords you'd need, on average, to crack which percentage of users' passwords, based on the leaked passwords from Rockyou.com. These lists will crack the advertised amount on an average cross-section of people if no password restrictions are in place:

Passwords Coverage Download
134.99%rockyou-5.txt (104 bytes)
9210.00%rockyou-10.txt (723 bytes)
24915.01%rockyou-15.txt (1,943 bytes)
51220.00%rockyou-20.txt (3,998 bytes)
92925.00%rockyou-25.txt (7,229 bytes)
155630.00%rockyou-30.txt (12,160 bytes)
250635.00%rockyou-35.txt (19,648 bytes)
395740.00%rockyou-40.txt (31,220 bytes)
616445.00%rockyou-45.txt (49,133 bytes)
943850.00%rockyou-50.txt (75,912 bytes)
1423655.00%rockyou-55.txt (115,186 bytes)
2104160.00%rockyou-60.txt (170,244 bytes)
3029065.00%rockyou-65.txt (244,535 bytes)
4266170.00%rockyou-70.txt (344,231 bytes)
5918775.00%rockyou-75.txt (478,948 bytes)

Statistics

I did some tests of my various dictionaries against the different sets of leaked passwords. I grouped them by the password set they were trying to crack:

Miscellaneous non-hacking dictionaries

These are dictionaries of words (etc), not passwords. They may be useful for one reason or another.

Name Compressed Uncompressed Notes
English english.txt.bz2 (1,215,711 bytes) english.txt (3,681,567 bytes) My combination of a couple lists, one from Andrew Orr, one from Brandon Enright
German german.txt.bz2 (2,371,487 bytes) german.txt (8,827,974 bytes) Compiled by Brandon Enright
American cities us_cities.txt.bz2 (77,081 bytes) us_cities.txt (207,041 bytes) Generated by RSnake
"Porno" porno.txt.bz2 (7,158,285 bytes) porno.txt (46,955,376 bytes) World's largest porno password collection!
Created by Matt Weir