Table of Contents
Important pages
Latest articles
Recent changes
- 2012-07-13 Added the recent Yahoo leak to the Leaked password lists and dictionaries page
- 2012-03-28 New article: 2012-03-28 My participation in The Best64 Challenge
- 2012-02-26 Updated oclHashcat benchmarking for oclHashcat-plus-0.08b36 and oclHashcat-lite-0.10b10
- 2012-02-26 New page: oclHashcat benchmarking (benchmarking scripts and benchmark results)
- 2012-02-25 New article: Parsing and filtering the YouPorn password leak
- 2012-02-24 Added the recent YouPorn leak to the Leaked password lists and dictionaries page
- 2012-02-01 New article: How effective is a straight dictionary attack?
- 2012-01-28 Updated the Leaked password lists and dictionaries page with uniqueness statistics for all leaks
- 2012-01-26 Passpal 0.4 released
- 2012-01-25 dictclean 0.1, text encoding verification software, published
- 2012-01-25 New article: How I found encoding errors in rockyou.txt trying to import dictionaries into MySQL
- 2012-01-22 Put up some site wide notices (Legal and Contribute) and updated the Leaked password lists and dictionaries page with more Pipal dumps
- 2012-01-21 Updated the Eastern leaks on the Leaked password lists and dictionaries page with more Passpal dumps, Pipal dumps and other statistics
- 2012-01-14 Passpal 0.3, password analysis software, published
- 2012-01-14 Added the recreatief.nl leak and more dictionary statistics to the Leaked password lists and dictionaries page
- 2012-01-12 Added more dictionaries and links to other dictionaries to the Leaked password lists and dictionaries page
- 2012-01-09 Added 12 recent Chinese passwords leaks to the Leaked password lists and dictionaries page
- 2012-01-05 Added Gawker and rootkit.com leaks to the Leaked password lists and dictionaries page
- 2012-01-05 Added 50 Days of Lulz and Oh Media leaks to the Leaked password lists and dictionaries page
- 2012-01-03 Added some password analyses to the Leaked password lists and dictionaries page
- 2012-01-03 Installed DISQUS (comment system at the bottom of all pages)
- 2012-01-03 Added the Stratfor and CSDN leaks to the Leaked password lists and dictionaries page
- 2012-01-03 Updated the John the Ripper dictionary to a newer version on the Leaked password lists and dictionaries page
Mission statement
- Collect dictionaries and statistics on leaked user databases
- Analyze passwords used in the wild and understand how users choose their passwords
- Build/generate and publish new dictionaries and oclHashcat rules
- Measure, rank and publish how different oclHashcat attacks and rules perform against leaked user passwords
- Understand how to employ different oclHashcat attacks and rules most effectively
- Explore password security
- Have fun
Questions I plan on researching
- How do users choose their passwords?
- What dictionaries are most effective?
- What, if anything, should be brute-forced (lengths, charsets)?
- What rules are most effective in a rule attack?
- What masks are most effective in a hybrid attack?
- How do you perform a combination attack most effectively?
- How do you perform a permutation attack most effectively?
- In what order should you employ attacks to be most effective?
- Make better password analysis software
- Building a powerful password recovery PC
- Speed comparison of oclHashcat-lite vs oclHashcat-plus and how speed changes with number of hashes
- Benchmarking of the –gpu-accel= –gpu-loops= options
- Comparing oclHashcat, JtR and other password recovery software
- When to use rainbow tables
- Crawling pastebins for passwords and leaks
Contact me
- Name: T. Alexander Lystad
- Email: tal@lystadonline.no
- Twitter: @arex1337
