04-11-2015, 09:17 PM
rockyou for sure, but linkedin was uniq'd so it's no good for this purpose.
|
best64.rule contest
|
04-12-2015, 12:23 PM
Yeah uniq the hashlist wasn't good. Btw, there is also "10-million-combos.txt" from Mark Burnett. I've replaced many of my "rockyou.txt" tasks with this list already.
+ real people passwords + made for research + nearly same size as rockyou.txt + from different sites not just one + not gaming sites, so maybe more serious passwords - not a leak, cracked passwords 
04-13-2015, 01:01 AM
(This post was last modified: 04-14-2015, 02:22 AM by Kgx Pnqvhm.)
Have you taken into account any of the issues cited in "A list of flaws in the data set_10millionpasswords" at
https://www.reddit.com/r/10millionpasswo..._data_set/
04-13-2015, 11:10 AM
No that's actually new to me, thanks! I've gone through the list and pulled out what could be a problem if we would use it for a contest:
- used cleanup scripts (don't this to your wordlists unless you really know what you do) - email addresses - default passwords tend to skew lists - weighted criteria - hashes in wordlist 
04-13-2015, 04:55 PM
I'm not sure if uniq'ed wordlists pose a problem for this contest (linkedin). I guess the difference between total number of cracked passwords vs unique cracked passwords is relatively small because commonly used passwords usually follow weak rules (or none at all). Contrary, non-uniq'd lists might push up random spam bot passwords.
04-13-2015, 04:56 PM
The list from the previous contest was unique on purpose.
There are two reasons why you find duplicates in any dump: Simple passwords, and site-specific passwords. Neither of which are useful to build a stronger ruleset. 
04-13-2015, 09:53 PM
I strongly disagree, James. Duplicates are essential for sorting rules by probability. Just as you'd never generate an hcstat file with a wordlist that's been uniq'd. By removing duplicates you are skewing the stats.
04-14-2015, 12:52 PM
There is advantage and disadvantage in both variants.
It would be nice to add more people from the password cracking scene (like team-insidepro and jtr-users) for this contest, as everyone would benefit from it. @mastercracker & @magnum You guys interessted?
04-14-2015, 10:33 PM
I would like to participate but don't really have the time. I will give it a shot if I have some spare time when you run the contest. If you want to make it a bit more challenging, you can make the contest about the best wordlist + rule combination. The winner being the one who will crack the most passwords using a maximum of x words and y rules. X could be around 0.5 to 3 million and Y around 50 to 500.
|
|
« Next Oldest | Next Newest »
|