Important pages

Latest articles

Recent changes

2012-07-13 Added the recent Yahoo leak to the Leaked password lists and dictionaries page
2012-03-28 New article: 2012-03-28 My participation in The Best64 Challenge
2012-02-26 Updated oclHashcat benchmarking for oclHashcat-plus-0.08b36 and oclHashcat-lite-0.10b10
2012-02-26 New page: oclHashcat benchmarking (benchmarking scripts and benchmark results)
2012-02-25 New article: Parsing and filtering the YouPorn password leak
2012-02-24 Added the recent YouPorn leak to the Leaked password lists and dictionaries page
2012-02-01 New article: How effective is a straight dictionary attack?
2012-01-28 Updated the Leaked password lists and dictionaries page with uniqueness statistics for all leaks
2012-01-26 Passpal 0.4 released
2012-01-26 Passpal statistical summary of 32.6 million plaintext passwords (the complete RockYou leak) posted here
2012-01-25 dictclean 0.1, text encoding verification software, published
2012-01-25 New article: How I found encoding errors in rockyou.txt trying to import dictionaries into MySQL
2012-01-22 Put up some site wide notices (Legal and Contribute) and updated the Leaked password lists and dictionaries page with more Pipal dumps
2012-01-21 Updated the Eastern leaks on the Leaked password lists and dictionaries page with more Passpal dumps, Pipal dumps and other statistics
2012-01-14 Passpal 0.3, password analysis software, published
2012-01-14 Added the recreatief.nl leak and more dictionary statistics to the Leaked password lists and dictionaries page
2012-01-12 Added more dictionaries and links to other dictionaries to the Leaked password lists and dictionaries page
2012-01-09 Added 12 recent Chinese passwords leaks to the Leaked password lists and dictionaries page
2012-01-05 Added Gawker and rootkit.com leaks to the Leaked password lists and dictionaries page
2012-01-05 Added 50 Days of Lulz and Oh Media leaks to the Leaked password lists and dictionaries page
2012-01-03 Added some password analyses to the Leaked password lists and dictionaries page
2012-01-03 Installed DISQUS (comment system at the bottom of all pages)
2012-01-03 Added the Stratfor and CSDN leaks to the Leaked password lists and dictionaries page
2012-01-03 Updated the John the Ripper dictionary to a newer version on the Leaked password lists and dictionaries page

Mission statement

Collect dictionaries and statistics on leaked user databases
Analyze passwords used in the wild and understand how users choose their passwords
Build/generate and publish new dictionaries and oclHashcat rules
Measure, rank and publish how different oclHashcat attacks and rules perform against leaked user passwords
Understand how to employ different oclHashcat attacks and rules most effectively
Explore password security
Have fun

Questions I plan on researching

How do users choose their passwords?
What dictionaries are most effective?
What, if anything, should be brute-forced (lengths, charsets)?
What rules are most effective in a rule attack?
What masks are most effective in a hybrid attack?
How do you perform a combination attack most effectively?
How do you perform a permutation attack most effectively?
In what order should you employ attacks to be most effective?

Make better password analysis software
Building a powerful password recovery PC
Speed comparison of oclHashcat-lite vs oclHashcat-plus and how speed changes with number of hashes
Benchmarking of the –gpu-accel= –gpu-loops= options
Comparing oclHashcat, JtR and other password recovery software
When to use rainbow tables
Crawling pastebins for passwords and leaks

Contact me

Name: T. Alexander Lystad
Email: tal@lystadonline.no
Twitter: @arex1337