CrackStation's Password Cracking Dictionary
I am releasing CrackStation's main password cracking dictionary (1,493,677,782 words, 15GB) for download.
What's in the list?
The list contains every wordlist, dictionary, and password database leak that I could find on the internet (and I spent a LOT of time looking). It also contains every word in the Wikipedia databases (pages-articles, retrieved 2010, all languages) as well as lots of books from Project Gutenberg. It also includes the passwords from some low-profile database breaches that were being sold in the underground years ago.
The format of the list is a standard text file sorted in non-case-sensitive alphabetical order. Lines are separated with a newline "\n" character.
You can test the list without downloading it by giving SHA256 hashes to the free hash cracker or to @PlzCrack on twitter. Here's a tool for computing hashes easily. Here are the results of cracking LinkedIn's and eHarmony's password hash leaks with the list.
The list is responsible for cracking about 30% of all hashes given to CrackStation's free hash cracker, but that figure should be taken with a grain of salt because some people try hashes of really weak passwords just to test the service, and others try to crack their hashes with other online hash crackers before finding CrackStation. Using the list, we were able to crack 49.98% of one customer's set of 373,000 human password hashes to motivate their move to a better salting scheme.
Step 1: Pay what you want.
The wordlist is being sold using a "pay what you want" model. That means you can pay absolutely any amount of money you want for the wordlist. Even nothing. Use the PayPal donate button, Bitcoin address, or Litecoin address below to make your payment.
How much should I pay?
Think about the following points when deciding how much to pay:
- If I wasn't doing a "pay what want" I would set the price at $5.
- The money will be used for open source security research and development projects.
- It took about 3 weeks of full-time work to make this dictionary (searching, downloading, scripting, processing).
- I will not be offended by small payments.
- If you have no money or don't want to pay, seeding the torrents and sharing this page with your friends is appreciated!
Step 2: Download!
Note: To download the torrents, you will need a torrent client like Transmission (for Linux and Mac), or uTorrent for Windows.
GZIP-compressed (level 9). 4.2 GiB compressed. 15 GiB uncompressed.
HTTP Mirror (Slow)
MD5: 4748a72706ff934a17662446862ca4f8 SHA1: efa3f5ecbfba03df523418a70871ec59757b6d3f SHA256: a6dc17d27d0a34f57c989741acdd485b8aee45a6e9796daf8c9435370dc61612
Smaller Wordlist (Human Passwords Only)
I got some requests for a wordlist with just the "real human" passwords leaked from various website databases. This smaller list contains just those passwords. There are about 64 million passwords in this list!
MD5: fbc3ca43230086857aac9b71b588a574 SHA1: 116c5f60b50e80681842b5716be23951925e5ad3 SHA256: 201f8815c71a47d39775304aa422a505fc4cca18493cfaf5a76e608a72920267
Sharing and Licensing
You are allowed to share these lists! They are both licensed under the Creative Commons Attribution-ShareAlike 3.0 license. If you do share them, I would appreciate it if you included a link to this page.