1.6 Billion Passwords in a Single List
Yet another big dictionary
During security audits, I often need to crack some hashes. A dictionary attack is the fastest way to recover passwords but it is limited by the content of the dictionary.
I decided to build my own list of passwords that have already been used in the real world.
This work is based on:
- dictionaries of various security tools,
- passwords extracted from public data breaches,
- passwords recovered from publicly available hashes.
You can download the complete dictionary here.
A small subset of that dictionary is also available. It is made 98% of the 10 million most used passwords of the Have I Been Pwned password database. Have I Been Pwned only provides hashes of passwords. The dictionary I built is able to recover more than 98 % of the hashes of the 10 million most used passwords. This smaller list is sorted by frequency.
Here are the SHA-384 checksums of the files.
Please, use this for legal purposes only.