[cryptography] Password Blacklist that includes Adobe's Motherload?

nickg nickg at client9.com
Wed Nov 13 22:49:47 EST 2013


Take a look at http://dazzlepod.com/uniqpass/

Previously, I’m just kept that file as is, and did a case-insentive binary search directly on disk… took maybe 10 seeks ~ 1ms to see if something was present or not and could be done via command line.   No index required, no loading required.  I’m happy to post the code if you are interested.

For perhaps better storage, take a look at LevelDB https://code.google.com/p/leveldb/  but the previous solution worked so well it wasn’t required.

good luck!

nickg


2013/11/14 12:29、shawn wilson <ag4ve.us at gmail.com> のメール:

> On Wed, Nov 13, 2013 at 9:13 PM, Jeffrey Walton <noloader at gmail.com> wrote:
>> Hi All,
>> 
>> Is anyone aware of a blacklist that includes those 150 million records
>> from Adobe's latest breach?
>> 
> 
> This is the only thing I've seen (haven't really looked):
> http://stricture-group.com/files/adobe-top100.txt
> 
>> I tried finding a list and was not successful. Bonus points if
>> implemented as a bloom filter (I'm interested in seeing how small that
>> list can be in practice, and I'd like to use it for its small
>> footprint).
>> 
> 
> I did some quick searching and I don't see a PAM module to take that
> structure. It'd be interresting for other work we're doing if someone
> knows different.
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography



More information about the cryptography mailing list