Legal disclaimer >>> The information on this site is intended to be used for legal and ethical purposes like research, education, journalism and educating the public. Our intention is to comply with any and all applicable laws. If you can provide legal advice, please let us know.

Contribute >>> Have new or missing information? See something wrong? Use the comment section at the bottom of all pages, email or Twitter.

Stay up to date >>> Follow us on Twitter.

Important pages

Latest articles

Recent changes

Mission statement

  • Collect dictionaries and statistics on leaked user databases
  • Analyze passwords used in the wild and understand how users choose their passwords
  • Build/generate and publish new dictionaries and oclHashcat rules
  • Measure, rank and publish how different oclHashcat attacks and rules perform against leaked user passwords
  • Understand how to employ different oclHashcat attacks and rules most effectively
  • Explore password security
  • Have fun

Questions I plan on researching

  • How do users choose their passwords?
  • What dictionaries are most effective?
  • What, if anything, should be brute-forced (lengths, charsets)?
  • What rules are most effective in a rule attack?
  • What masks are most effective in a hybrid attack?
  • How do you perform a combination attack most effectively?
  • How do you perform a permutation attack most effectively?
  • In what order should you employ attacks to be most effective?
  • Make better password analysis software
  • Building a powerful password recovery PC
  • Speed comparison of oclHashcat-lite vs oclHashcat-plus and how speed changes with number of hashes
  • Benchmarking of the –gpu-accel= –gpu-loops= options
  • Comparing oclHashcat, JtR and other password recovery software
  • When to use rainbow tables
  • Crawling pastebins for passwords and leaks

Contact me

Print/export