From SkullSecurity
Revision as of 20:19, 4 March 2010 by Ron (talk | contribs)
Jump to navigation Jump to search

Password dictionaries

These are dictionaries that come with tools/worms/etc, designed for cracking passwords. As far as I know, I'm not breaking any licensing agreements by mirroring them with credit; if you don't want me to host one of these files, let me know and I'll remove it.

Name Compressed Uncompressed Notes
Cain & Able List-cain.txt.bz2 (1,069,968 bytes) List-cain.txt (3,149,586 bytes) Fairly comprehensive
John the Ripper List-john.txt.bz2 (10,934 bytes) List-john.txt (21,935 bytes) Simple, designed to be modified
Conficker worm Conficker.txt.bz2 (1411 bytes) Conficker.txt (702 bytes) Used by conficker worm to spread
500 worst passwords 500-worst-passwords.txt.bz2 (1868 bytes) 500-worst-passwords.txt (3493 bytes)

Leaked passwords

Passwords that were leaked or stolen from sites. I'm hosting them because it seems like nobody else does. Naturally, I'm not the one who stole these.

Name Compressed Uncompressed Notes
MySpace List-myspace.txt.bz2 (175,970 bytes) List-myspace.txt (356,352 bytes) Ordered by commonness
Captured via phishing; not representative
MySpace - with count Myspace-counts.txt.bz2 (179,929 bytes) Myspace-counts.txt (653,504 bytes)
phpbb phpbb.txt.bz2 (868,606 bytes) phpbb.txt (1,574,395 bytes) Ordered by commonness
Cracked from md5 by Brandon Enright (97%+ coverage)
phpbb with count phpbb-withcount.txt.bz2 (872,867 bytes) phpbb-withcount.txt (3,049,507 bytes)
phpbb with md5 phpbb-withmd5.txt.bz2 (4,117,887 bytes) phpbb-withmd5.txt (7,659,241 bytes)
Rockyou - original rockyou.txt.bz2 (139,943,478 bytes) rockyou.txt (289,836,298 bytes) Stolen as-is
Thanks to Mark Baggett
for the tip!
Rockyou - by count rockyou-bycount.txt.bz2 (60,498,886 bytes) rockyou-bycount.txt (139,921,497 bytes)
Rockyou - with count rockyou-withcount.txt.bz2 (59,500,255 bytes) rockyou-withcount.txt (254,676,625 bytes)


I did some calculations and determined how many passwords you'd need, on average, to crack which percentage of users' passwords, based on the leaked passwords from These lists will crack the advertised amount on an average cross-section of people if no password restrictions are in place:

Passwords Coverage Download
1254.99%rockyou-5.txt (983 bytes)
71610.00%rockyou-10.txt (5,564 bytes)
230014.99%rockyou-15.txt (18,009 bytes)
640920.00%rockyou-20.txt (51,172 bytes)
1645025.00%rockyou-25.txt (133,053 bytes)

Dictionaries, etc.

These are dictionaries of words (etc), not passwords. They may be useful for one reason or another.

Name Compressed Uncompressed Notes
English English.txt.bz2 (349,604 bytes) English.txt (1,055,781) I forget where this came from
English (2) English2.txt.bz2 (975,280 bytes) English2.txt (2,828,046) Found by Andrew Orr
German German_list.txt.bz2 (2,121,045 bytes) German_list.txt (6,736,833 bytes) See header for credit info
American cities US_Cities.txt.bz2 (77,081 bytes) US_Cities.txt (207,041 bytes) Generated by RSnake
"Porno" porno-passwords.txt.bz2 (7,158,285 bytes) porno-passwords.txt (46,955,376 bytes) World's largest porno password collection!