Show HN: 5+ Billion Passwords in Order of Most Popular

"Your password must be between 12 to 46 characters long and must include at least one number, upper case character, special character, kanji character, rune and quadratic equation"

Since the list is only rarely updated, this seems a perfect application Botelho's for minimal perfect hashing algorithm[1]. At about 8 bits per item storage and constant lookup it would be quite practical to use the top 32 Million list (appeared at least 10 times).

[1] http://cmph.sourceforge.net/papers/tr06.pdf

Note that this password list is valid rather for English speaking world.

The largest list is 20GB, but it's not the only one.

Popularity was based on how many they appeared in files that had all duplicates removed (in reference to themselves)

The smallest file had passwords that appeared 75+ times, and the largest file had passwords that appeared 2+ times.

The top 195 Thousand (which appeared 25+ times in analysis) clocks in at 803kb as a text file with nothing but the passwords themselves

Password validation is stupid and annoying. At best this should be used to display a warning that can be ignored.

Or Alexander or Victoria. It's weird that these first names appear in the Top196-probable.txt file.

Is there really any reason to multiply the downloads by 4 just to have different compression methods? It seems to me like that just needlessly dilutes the seed swarm and wastes space, since pretty much any modern archive reader can unpack all the provided formats. Sure, specialized command-line utils can't, but if you're using one of those then you probably know which one to use for a given format.

Have you considered using IPFS for distribution?

Torrents are back! Mostly.

Two out of the 12 aren't, but every wordlist can be downloaded via torrent in at least 3 compressed formats, including .7z

As I was looking around for the files to make this project, on SecLists, Weakpass, and Hashes.org, most of the files were in alphabetical order. This was especially true for the larger files.

Like others have mentioned, the criminal hackers are already up on this stuff. It's more beneficial to the security community as a whole to expose these things so you know how to implement effective security policies. When your trying to convince management to implement something security related it's one thing to say "We think this is a threat" verses saying "hey watch this" and demonstrating the threat.

Audits. Education. Change.

It's not like bad guys don't already have wordlists, or that they are new in any way. Having good ones available, in the open, for everyone to use, provides a net benefit in the long run imo.

It's already exposed. That's the point. The adversary has this intel. It would be irresponsible not to study and publish it, thereby reducing their informational edge.

To quote a certain Alfred Charles Hobbs: "Rogues are very keen in their profession, and know already much more than we can teach them."

Also see: Security through Obscurity.

We've banned this account for abusing the site, including posting many unsubstantive comments after we asked you to stop. Please don't create accounts to break the site rules with.