We Will, We Will, Rock You, 2024
In my teaching of hashing methods, we use the RockYou dataset, which contains a common set of passwords from a company named RockYou. It goes back to 2009, and the passwords used are often fairly simple, such as “123456”. In fact, the passwords are ordered with the most popular ones at the top of the list:
123456
12345
123456789
password
iloveyou
princess
1234567
rockyou
12345678
abc123
nicole
daniel
babygirl
monkey
lovely
jessica
654321
michael
ashley
qwerty
111111
iloveu
000000
Sites such as Have I Been Pwned have since documented the leak of user credentials over the years.
Now a new dataset has been leaked, RockYou2024, which contains around 10 billion unique plaintext passwords (well, 9,948,575,739 unique passwords). It has an update of around 1.5 million passwords over the previously released RockYou2021 dataset [here].
Example
In this example, we will use the original rockyou dataset and Hashcat to illustrate the weakness. With a hashed password, we use a hashing method, such as MD5, to produce a hash value. As it is relatively easy to map the hashed output back to the original data, we typically…
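The weakness described above, as an added example that is not part of the original article: with unsalted MD5, one precomputed table of common passwords identifies every account that uses one of them, while a salted, slow hash gives each account a different record. The function names, the constructed user store, and the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations are assumptions of this example.

```python
import hashlib
import hmac
import os

# Constructed sample: the first entries of the list quoted earlier on this page.
COMMON = ["123456", "12345", "123456789", "password", "iloveyou",
          "princess", "1234567", "rockyou", "12345678", "abc123"]

def md5_hex(password):
    """Unsalted MD5: the same input always gives the same hash."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def build_lookup(words):
    """One precomputed hash -> password table covers every unsalted MD5 account."""
    return {md5_hex(w): w for w in words}

def audit_md5_store(store, lookup):
    """Return {user: password} for stored unsalted hashes found in the table."""
    return {user: lookup[h] for user, h in store.items() if h in lookup}

def pbkdf2_record(password, salt=None, iterations=600_000):
    """Salted, deliberately slow hash; the iteration count is this example's choice."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest

def pbkdf2_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def is_blocklisted(password, words=COMMON):
    """Signup-time check: refuse passwords that appear in the leaked list."""
    return password in set(words)

if __name__ == "__main__":
    # Constructed user store: alice and bob picked the same weak password.
    store = {"alice": md5_hex("123456"), "bob": md5_hex("123456"),
             "carol": md5_hex("T7#long-unlisted-passphrase")}
    print(audit_md5_store(store, build_lookup(COMMON)))
    a, b = pbkdf2_record("123456"), pbkdf2_record("123456")
    print(a[2] != b[2], pbkdf2_verify("123456", a), is_blocklisted("123456"))
```

Salting does not make a listed password strong; it removes the shared table, so the blocklist check at signup is still needed.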