For folks asking about the 8.4B record “RockYou2021” password list that’s in the news today, this is an aggregation of multiple other lists. For example, this password cracking list: crackstation.net/crackstation-w…
Among other things, it contains “every word in the Wikipedia databases” and words from the Project Gutenberg free ebook collection: gutenberg.org
Unlike the original 2009 RockYou data breach and consequent word list, these are not “pwned passwords”; it’s not a list of real world passwords compromised in data breaches, it’s just a list of words and the vast majority have *never* been passwords
Just do the maths: about 4.7B people use the internet. They reuse passwords like crazy not just across the services each individual uses, but different people use the same passwords. Then, only a small portion of all the services out there have been breached.
Continuing the maths, the increasing prevalence of stronger password hashing algorithms in data breaches makes it harder to extract plain text passwords for use in lists like this, so the real number of exposed and *usable* passwords declines again
So, are there 8.4B passwords out there *in total*, let alone breached, cracked and in a single list? No, not by a long shot.
This list is about 14 times larger than what’s in Pwned Passwords because the vast, vast majority of it isn’t passwords. Word lists used for cracking passwords, sure, but not real world passwords so they won’t be going into @haveibeenpwned
Still really surprised this has made headlines and been shared to the extent it has, it’s like people don’t read stories before sharing them…
Tempted to add a 1 to the end of each “password”, join it back to the original list and ship it to the media as 16.8B passwords!
I’m very happy to announce that @haveibeenpwned’s Pwned Passwords is now open source under the @dotnetfdn. Now we’ve got some work to do: building an ingestion pipeline for new passwords provided by the @FBI on an ongoing basis. This is super cool 😎 troyhunt.com/pwned-password…
There’s so much I love about this, starting with the fact that it removes a huge barrier for many orgs considering using Pwned Passwords: if I have an unfortunate jet ski related accident and can no longer run the service, you can pick it up and run it yourself.
And because all the passwords are already freely downloadable from @haveibeenpwned, all the data is already in the public domain. Open sourcing the code complements the already open sourced data.
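The Pwned Passwords check that both threads above turn on (is a candidate a real-world breached password, and how often has it been seen?), as an added example that is not the author's or the project's own code: a SHA-1 k-anonymity range lookup run against a constructed offline stand-in for the api.pwnedpasswords.com range endpoint. The hash suffixes are computed in the block; the counts and filler line are made up.

```python
import hashlib
from typing import Callable


def sha1_upper(password: str) -> str:
    """Upper-case hex SHA-1, the form Pwned Passwords uses for lookups."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.
# A real response is one "<35-char hash suffix>:<count>" per line for every
# hash sharing the 5-char prefix. Suffixes below are computed here; the
# counts are invented for the example.
_CONSTRUCTED_SEEN = {"password": 3861493, "Password1": 4567}


def _build_ranges() -> dict[str, str]:
    ranges: dict[str, list[str]] = {}
    for pw, count in _CONSTRUCTED_SEEN.items():
        digest = sha1_upper(pw)
        ranges.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")
    for prefix in ranges:
        # filler entry that never matches a looked-up suffix
        ranges[prefix].append("0" * 35 + ":1")
    return {p: "\r\n".join(lines) for p, lines in ranges.items()}


_RANGES = _build_ranges()


def offline_fetch_range(prefix: str) -> str:
    """Offline replacement for the HTTPS call; empty body for unknown prefixes."""
    return _RANGES.get(prefix, "")


def pwned_count(password: str,
                fetch_range: Callable[[str], str] = offline_fetch_range) -> int:
    """Times the password appears in Pwned Passwords (0 if absent).

    Only the first 5 hex chars of the hash leave the client; the suffix
    comparison happens locally, so the password itself is never sent.
    """
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        found_suffix, _, count = line.strip().partition(":")
        if found_suffix == suffix:
            return int(count)
    return 0


def is_acceptable(password: str, min_length: int = 12) -> bool:
    """Registration-time policy: long enough and never seen in a breach."""
    return len(password) >= min_length and pwned_count(password) == 0
```

Swapping `offline_fetch_range` for a function that performs the real HTTPS GET turns this into a live check without changing the matching logic.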
It’s finally here - the @haveibeenpwned 3D logo 😎 The reason I bought the @Prusa3D in the first place was to make a bunch of these and hand them out in my travels. A little tweaking to do then I’ll pump out a bunch and give ’em away.
Pretty happy with this now, might need to start some mass production:
Is there a device to keep multi-monitor setups aligned? Other than duct tape, of course.
Alrighty, fixing this problem: first up, a bunch of 25mm Velcro measured and cut to size for a nice vertical fit along the edge of each screen (the 50mm one comes later)
Next, some spirit level perfection to keep the centre screen straight and the same distance on each end off the wall, plus the Ergotron arm well and truly tightened up
I actually couldn't find any of my own or my family's data in the Australia file which has 7.3M rows. Having said that, I'm hearing from other trustworthy sources that the data is legit and that seems a reasonable assumption to work on for now.
Oh wow, there’s so much to unpack in this video by @LewSpears. Maybe just start by watching it (it’s hilarious, but probably NSFW so wait until you get hom... oh, yeah)
Subsequently, @lorenzofb did a story eloquently titled “Your Cock Is Now Mine” in response to @LewSpears reaching out to him in the earlier video and pretending to have had his wedding tackle cyber’d.
Can anyone verify the legitimacy of this? It appears to indicate multiple Gab accounts were compromised to post the message in the video, including the official account and that of the CEO: