RockYou2024 leak of 10 billion passwords - the biggest password leak ever
https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/
https://mashable.com/article/rockyou2024-leaked-password-database

Cybernews researchers discovered what appears to be the largest password
compilation with a staggering 9,948,575,739 unique plaintext passwords. The
file with the data, titled rockyou2024.txt, was posted on July 4th by forum
user ObamaCare.

While the user registered in late May 2024, they have previously shared an
employee database from the law firm Simmons & Simmons, a lead from an
online casino AskGamblers, and student applications for Rowan College at
Burlington County.

The team cross-referenced the passwords included in the RockYou2024 leak
with data from Cybernews' Leaked Password Checker, which revealed that
these passwords came from a mix of old and new data breaches.

"In its essence, the RockYou2024 leak is a compilation of real-world
passwords used by individuals all over the world. Revealing that many
passwords for threat actors substantially heightens the risk of credential
stuffing attacks," researchers said.

Credential stuffing attacks can be severely damaging for users and
businesses. For example, a recent wave of attacks targeting Santander,
Ticketmaster, Advance Auto Parts, QuoteWizard, and others was a direct
result of credential stuffing attacks against the victims' cloud service
provider, Snowflake.

"Threat actors could exploit the RockYou2024 password compilation to
conduct brute-force attacks and gain unauthorized access to various online
accounts used by individuals who employ passwords included in the dataset,"
the team explained.

On 2024-07-06 19:28, Mickey D wrote:
>
> "Threat actors could exploit the RockYou2024 password compilation to
> conduct brute-force attacks and gain unauthorized access to various online
> accounts used by individuals who employ passwords included in the dataset,"
> the team explained.

Why Passkeys should be used wherever financial transactions or sensitive
information are concerned. Or at least TFA.

And passwords need to be strong - computer generated is always best.

Otherwise password access should have time outs.

1st time wrong: no delay
2nd time wrong: 1 s delay
3rt time wrong: 2 s delay
4th time wrong: 4 s
5 8 s

10 4 hour delay, then reset to 0 delay.

Brute force login attacks would simply not work.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

On 07/07/2024 12:26, Alan Browne wrote:
> On 2024-07-06 19:28, Mickey D wrote:
>>
>> "Threat actors could exploit the RockYou2024 password compilation to
>> conduct brute-force attacks and gain unauthorized access to various
>> online
>> accounts used by individuals who employ passwords included in the
>> dataset,"
>> the team explained.
>
> Why Passkeys should be used wherever financial transactions or sensitive
> information are concerned.  Or at least TFA.
>
> And passwords need to be strong - computer generated is always best.
>
> Otherwise password access should have time outs.
>
> 1st time wrong: no delay
> 2nd time wrong: 1 s delay
> 3rt time wrong: 2 s delay
> 4th time wrong: 4 s
> 5               8 s
>
> 10              4 hour delay, then reset to 0 delay.
>
> Brute force login attacks would simply not work.
>

A better solution would be to use a hashing algorithm like Argon2 that
is designed to be resistant to such attacks. That way, if you get
offline access to a database somehow - which is how these passwords were
derived - cracking takes a stupid amount of time.

Such modern algorithms use things like salting by default as well, which
eliminates rainbow table attacks (pre-computed lists of hashes and their
passwords), meaning you need to perform the slow and expensive
brute-force method.

Also, a timeout would only help with online logins. Offline ones are the
real deal, because you can go ham with no consequence.

That said, your idea of using computer-generated passwords is great. I
use 64-character random passwords generated by KeePassXC. It works
great, except for the websites that want shorter passwords, for some
bizarre reason.

On Sun, 7 Jul 2024 18:27:18 +0100, Gordinator wrote:

> A better solution would be to use a hashing algorithm like Argon2 that
> is designed to be resistant to such attacks.

Can someone who knows let me know WHAT was published online?

Is it people's login and passwords?
Or just a long list of people's passwords?

If it's just a long list of passwords, what good is that?
A dictionary like lookup would work as well, wouldn't it?

On 2024-07-07 15:03, Bill Powell wrote:

> Can someone who knows let me know WHAT was published online?
>
> Is it people's login and passwords?
> Or just a long list of people's passwords?
>
> If it's just a long list of passwords, what good is that?
> A dictionary like lookup would work as well, wouldn't it?

It's just a list of passwords.

Depends on what you mean by "dictionary" as the password list won't have
things that are in any given dictionary (no matter what the kind).

It is usable to verify that your password is not "in there". I wrote a
quick program to do just that - but my passwords are too ridiculous -
never mind anyone figuring the login name and where it's being used.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

On 2024-07-07 13:27, Gordinator wrote:
> On 07/07/2024 12:26, Alan Browne wrote:
>> On 2024-07-06 19:28, Mickey D wrote:
>>>
>>> "Threat actors could exploit the RockYou2024 password compilation to
>>> conduct brute-force attacks and gain unauthorized access to various
>>> online
>>> accounts used by individuals who employ passwords included in the
>>> dataset,"
>>> the team explained.
>>
>> Why Passkeys should be used wherever financial transactions or
>> sensitive information are concerned.  Or at least TFA.
>>
>> And passwords need to be strong - computer generated is always best.
>>
>> Otherwise password access should have time outs.
>>
>> 1st time wrong: no delay
>> 2nd time wrong: 1 s delay
>> 3rt time wrong: 2 s delay
>> 4th time wrong: 4 s
>> 5               8 s
>>
>> 10              4 hour delay, then reset to 0 delay.
>>
>> Brute force login attacks would simply not work.
>>
>
> A better solution would be to use a hashing algorithm like Argon2 that
> is designed to be resistant to such attacks. That way, if you get
> offline access to a database somehow - which is how these passwords were
> derived - cracking takes a stupid amount of time.

Having such a list won't help against such.

> Such modern algorithms use things like salting by default as well, which
> eliminates rainbow table attacks (pre-computed lists of hashes and their
> passwords), meaning you need to perform the slow and expensive
> brute-force method.

Indeed, but the issue is the brute force from the outside. (Which also
needs a target site and account name ... already getting very unlikely).

>
> Also, a timeout would only help with online logins. Offline ones are the
> real deal, because you can go ham with no consequence.

That implies they've copied an entire system and are going after info in
it. Since the pw database is (as you mention salted an encrypted) such
an attack will go exactly nowhere with the passwords in the list - esp.
when the salt is derived from other customer data.

> That said, your idea of using computer-generated passwords is great. I
> use 64-character random passwords generated by KeePassXC. It works
> great, except for the websites that want shorter passwords, for some
> bizarre reason.

64 char is overkill. 20 char is much more than sufficient assuming it's
random.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

Alan Browne <bitbucket@blackhole.com> wrote:
> On 2024-07-06 19:28, Mickey D wrote:
>>
>> "Threat actors could exploit the RockYou2024 password compilation to
>> conduct brute-force attacks and gain unauthorized access to various online
>> accounts used by individuals who employ passwords included in the dataset,"
>> the team explained.
>
> Why Passkeys should be used wherever financial transactions or sensitive
> information are concerned. Or at least TFA.

Or, crazy idea, tighten up personal privacy laws like some ridicule the EU
for.

It would certainly crystallise minds if companies risked fines of 10% of
global turnover.

On 2024-07-07 17:39, Chris wrote:
> Alan Browne <bitbucket@blackhole.com> wrote:
>> On 2024-07-06 19:28, Mickey D wrote:
>>>
>>> "Threat actors could exploit the RockYou2024 password compilation to
>>> conduct brute-force attacks and gain unauthorized access to various online
>>> accounts used by individuals who employ passwords included in the dataset,"
>>> the team explained.
>>
>> Why Passkeys should be used wherever financial transactions or sensitive
>> information are concerned. Or at least TFA.
>
> Or, crazy idea, tighten up personal privacy laws like some ridicule the EU
> for.
>
> It would certainly crystallise minds if companies risked fines of 10% of
> global turnover.

I don't disagree with what you wish, but it will have 0 effect on people
with bad security practices and 0 effect on criminals attempting to
break into systems.

The internet grew up from nothing to everywhere all at once and the
security implications lagged that by near 20 years.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

Alan Browne wrote on Sun, 7 Jul 2024 18:40:50 -0400 :

> it will have 0 effect on people with bad security practices

The problem is lots of people have no good way to remember passwords.

What I do, for example, is:
1. I store passwords in a cross-platform encrypted desktop manager
(KeepassXC)

2. I sync the kdbx database periodically keeping the master on the PC.
Note that my passwords almost never are changed on a mobile device.

3. Every platform has a free program to read that kdbx file, I think.
For example, Windows, Linux & macOS can use the KeepassXC passwd mgr.
<https://keepassxc.org/download/>

Android uses, for example, Keepass2Android, but others exist.
<https://play.google.com/store/apps/details?id=keepass2android.keepass2android>

iOS uses KeePassium for example, but others also likely exist.
<https://apps.apple.com/us/app/keepassium-keepass-passwords/id1435127111>

Each time I'm forced to create a login/passwd combination, I type "vipw"
which, on Windows, has for decades, brought up the native password manager.

Each time I need a login/password, I also type "vipw" into Windows, and up
comes that same password manager, with the sort order usually set to LIFO.

But how many people do that?

Alan Browne <bitbucket@blackhole.com> wrote:
> On 2024-07-07 17:39, Chris wrote:
>> Alan Browne <bitbucket@blackhole.com> wrote:
>>> On 2024-07-06 19:28, Mickey D wrote:
>>>>
>>>> "Threat actors could exploit the RockYou2024 password compilation to
>>>> conduct brute-force attacks and gain unauthorized access to various online
>>>> accounts used by individuals who employ passwords included in the dataset,"
>>>> the team explained.
>>>
>>> Why Passkeys should be used wherever financial transactions or sensitive
>>> information are concerned. Or at least TFA.
>>
>> Or, crazy idea, tighten up personal privacy laws like some ridicule the EU
>> for.
>>
>> It would certainly crystallise minds if companies risked fines of 10% of
>> global turnover.
>
> I don't disagree with what you wish, but it will have 0 effect on people
> with bad security practices

I disagree. It will help proactively protect them from themselves. Unlike
the current system in the US where the only response is reactively via law
suits years after people's lives have been affected.

> and 0 effect on criminals attempting to
> break into systems.

Again, disagree. If an org is forced to comply with stricter regulations
regarding data security then that will automatically reduce the target
surface.

However, criminals can be very smart and will change tactics.

> The internet grew up from nothing to everywhere all at once and the
> security implications lagged that by near 20 years.

Which is why we're now seeing more social engineering attacks nowadays that
technical attacks. I'm far less worried about malware today than I used to
be.

On 2024-07-08 03:59, Chris wrote:
> Alan Browne <bitbucket@blackhole.com> wrote:
>> On 2024-07-07 17:39, Chris wrote:
>>> Alan Browne <bitbucket@blackhole.com> wrote:

>>>> Why Passkeys should be used wherever financial transactions or sensitive
>>>> information are concerned. Or at least TFA.
>>>
>>> Or, crazy idea, tighten up personal privacy laws like some ridicule the EU <-- [AAA]
>>> for.
>>>
>>> It would certainly crystallise minds if companies risked fines of 10% of
>>> global turnover.
>>
>> I don't disagree with what you wish, but it will have 0 effect on people
>> with bad security practices
>
> I disagree. It will help proactively protect them from themselves. Unlike
> the current system in the US where the only response is reactively via law
> suits years after people's lives have been affected.

You're talking about "personal privacy laws" which is not directly
related to computer security. One is policy implementation the other is
security implementation.

>> and 0 effect on criminals attempting to
>> break into systems.
>
> Again, disagree. If an org is forced to comply with stricter regulations
> regarding data security then that will automatically reduce the target
> surface.

Now you changed gears (was: [AAA] "personal privacy").

>
> However, criminals can be very smart and will change tactics.

The most successful side is phishing in one form or another - and that
will never stop.

Still - poking around for system security weaknesses will never stop.

Main things server side is _at least_ TFA and better: Passkeys.

>> The internet grew up from nothing to everywhere all at once and the
>> security implications lagged that by near 20 years.
>
> Which is why we're now seeing more social engineering attacks nowadays that
> technical attacks. I'm far less worried about malware today than I used to
> be.

Yet, they hackers keep hacking. And don't forget that any new website
implementation might be especially weak.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

Alan Browne <bitbucket@blackhole.com> wrote:
> On 2024-07-08 03:59, Chris wrote:
>> Alan Browne <bitbucket@blackhole.com> wrote:
>>> On 2024-07-07 17:39, Chris wrote:
>>>> Alan Browne <bitbucket@blackhole.com> wrote:
>
>>>>> Why Passkeys should be used wherever financial transactions or sensitive
>>>>> information are concerned. Or at least TFA.
>>>>
>>>> Or, crazy idea, tighten up personal privacy laws like some ridicule the EU <-- [AAA]
>>>> for.
>>>>
>>>> It would certainly crystallise minds if companies risked fines of 10% of
>>>> global turnover.
>>>
>>> I don't disagree with what you wish, but it will have 0 effect on people
>>> with bad security practices
>>
>> I disagree. It will help proactively protect them from themselves. Unlike
>> the current system in the US where the only response is reactively via law
>> suits years after people's lives have been affected.
>
> You're talking about "personal privacy laws" which is not directly
> related to computer security.

We're talking about data protection - I miswrote when I said personal
privacy - laws. Which for personal digital data requires appropriate
computer security on the side of the data organisation.

> One is policy implementation the other is
> security implementation.

They're part of the same process.

>>> and 0 effect on criminals attempting to
>>> break into systems.
>>
>> Again, disagree. If an org is forced to comply with stricter regulations
>> regarding data security then that will automatically reduce the target
>> surface.
>
> Now you changed gears (was: [AAA] "personal privacy").

I didn't mention AAA. I mentioned EU and by implication, GDPR.

On 07.07.24 01:28, Mickey D wrote:
> RockYou2024 leak of 10 billion passwords - the biggest password leak ever
> https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/
> https://mashable.com/article/rockyou2024-leaked-password-database

This is a non-event. Just a compilation of passwords from breaches in
the past.

--
"Mille viae ducunt hominem per saecula Romam." (Alanus ab Insulis 1120-1202)

On Wed, 10 Jul 2024 11:21:31 +0200, J�rg Lorenz wrote:

> This is a non-event.

Nobody needs your opinion, Arlen.

Nick Cine <nickcine@is.invalid> wrote:
> On Wed, 10 Jul 2024 11:21:31 +0200, Jörg Lorenz wrote:
>
>> This is a non-event.
>
> Nobody needs your opinion, Arlen.
>

This is the ultimate insult to Lorenz! Well played!

On 10.07.24 15:58, Nick Cine wrote:
> On Wed, 10 Jul 2024 11:21:31 +0200, J�rg Lorenz wrote:
>
>> This is a non-event.
>
> Nobody needs your opinion, Arlen.

Your post shows that you are a bloody beginner in the Usenet, Arlen.

Path:
eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: Nick Cine <nickcine@is.invalid>
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,comp.sys.mac.system
Subject: Re: RockYou2024 leak of 10 billion passwords - the biggest
password leak ever
Date: Wed, 10 Jul 2024 07:58:07 -0600
Message-ID: <v6m41f$dvu5$1@solani.org>
References: <v6cjud$1sp0$1@nnrp.usenet.blueworldhosting.com>
<v6ljqr$1rgur$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=fixed
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 10 Jul 2024 13:58:07 -0000 (UTC)
Injection-Info: solani.org;
logging-data="458693"; mail-complaints-to="abuse@news.solani.org"
User-Agent: Usenapp/0.93/l for MacOS - Full License
Cancel-Lock: sha1:OW/2HnHh3wfkDl5Oc/xkpUrBFJM=
X-User-ID:
eJwFwQcBADAIAzBL4xSKHHbwL2EJLCROeiAcg9mpsKqjux+ks0rRK/WWrRzyjRhZrnmFvPwK2RA1
Xref: news.eternal-september.org comp.mobile.android:116605
misc.phone.mobile.iphone:189016 comp.sys.mac.system:196133

And in particular you do not understand what this crap "RockYou2024
leak" is.

--
"Alea iacta est." (Julius Caesar)

On 10.07.24 16:11, badgolferman wrote:
> Nick Cine <nickcine@is.invalid> wrote:
>> On Wed, 10 Jul 2024 11:21:31 +0200, Jörg Lorenz wrote:
>>
>>> This is a non-event.
>>
>> Nobody needs your opinion, Arlen.
>>
>
> This is the ultimate insult to Lorenz! Well played!

My goodness! You are getting really senile, man.

--
"Alea iacta est." (Julius Caesar)

On Wed, 10 Jul 2024 16:39:22 +0200, J�rg Lorenz wrote:

> Your post shows that you are a bloody beginner in the Usenet.

Shut up Arlen. Say something useful for once, you fucking moron.

On 2024-07-09 18:30, Chris wrote:
> Alan Browne <bitbucket@blackhole.com> wrote:
>> On 2024-07-08 03:59, Chris wrote:
>>> Alan Browne <bitbucket@blackhole.com> wrote:
>>>> On 2024-07-07 17:39, Chris wrote:
>>>>> Alan Browne <bitbucket@blackhole.com> wrote:
>>
>>>>>> Why Passkeys should be used wherever financial transactions or sensitive
>>>>>> information are concerned. Or at least TFA.
>>>>>
>>>>> Or, crazy idea, tighten up personal privacy laws like some ridicule the EU <-- [AAA]
>>>>> for. ------ [BBB] --------
>>>>>
>>>>> It would certainly crystallise minds if companies risked fines of 10% of
>>>>> global turnover.
>>>>
>>>> I don't disagree with what you wish, but it will have 0 effect on people
>>>> with bad security practices
>>>
>>> I disagree. It will help proactively protect them from themselves. Unlike
>>> the current system in the US where the only response is reactively via law
>>> suits years after people's lives have been affected.
>>
>> You're talking about "personal privacy laws" which is not directly
>> related to computer security.
>
> We're talking about data protection - I miswrote when I said personal
> privacy - laws. Which for personal digital data requires appropriate
> computer security on the side of the data organisation.

Which is widely practiced by most corps. and not by some.

>> One is policy implementation the other is
>> security implementation.
>
> They're part of the same process.

Not at all. Security is defensive to principally protect the assets and
operations of the company (customer info being assets too);
privacy is many things, but unfortunately it's a commodity to profit
from unless there are laws to contain it.

>
>>>> and 0 effect on criminals attempting to
>>>> break into systems.
>>>
>>> Again, disagree. If an org is forced to comply with stricter regulations
>>> regarding data security then that will automatically reduce the target
>>> surface.
>>
>> Now you changed gears (was: [AAA] "personal privacy").
>
> I didn't mention AAA. I mentioned EU and by implication, GDPR.

[AAA] was a label I added to the text to point to your "personal privacy
laws" mention. Look higher in the thread - it's still there.
Here - I've add BBB to it (above about 10 lines from top).

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

On 7/6/24 7:28 PM, Mickey D wrote:
> Cybernews researchers discovered what appears to be the largest password
> compilation with a staggering 9,948,575,739 unique plaintext passwords. The
> file with the data, titled rockyou2024.txt, was posted on July 4th by forum
> user ObamaCare.

I'm currently experimenting with Apple's new OS 15 "Sequoia"
on an external SSD.

One of the new features of this release will be the Apple
"Passwords" app.

Although (up to this point) I've kept all my passwords in a
self-created database, I opened Passwords to see what it was
like.

It had already compiled a list of passwords that I'd been
using on the experimental Sequoia SSD.

But one feature that looked welcome was...
.... it identified two of my passwords that may have recently
been "compromised". It looks like the Passwords app is
reaching into some "resevoir" of "known-compromised"
passwords, or perhaps even Apple has acquired some of these
giant purloined password files.

In any case, it lets you know if specific passwords you're
using may be compromised...

On 2024-07-11, Fishrrman <Fishrrman2000@yahoo.com> wrote:
>
> I'm currently experimenting with Apple's new OS 15 "Sequoia" on an
> external SSD.
>
> One of the new features of this release will be the Apple "Passwords"
> app.
>
> Although (up to this point) I've kept all my passwords in a
> self-created database, I opened Passwords to see what it was like.
>
> It had already compiled a list of passwords that I'd been using on the
> experimental Sequoia SSD.

Those are passwords you entered in Safari presumably, which stored them
in the Keychain. In previous releases Keychain passwords were accessible
either in the System Settings > Passwords pane or in the Keychain app,
depending on the macOS release version.

> But one feature that looked welcome was... ... it identified two of
> my passwords that may have recently been "compromised". It looks like
> the Passwords app is reaching into some "resevoir" of
> "known-compromised" passwords, or perhaps even Apple has acquired some
> of these giant purloined password files.
>
> In any case, it lets you know if specific passwords you're using may
> be compromised...

Yes, that's been a Keychain feature for some time now. It even has
buttons that take you to the website in question to change your password
there. It's pretty handy.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

On 2024-07-11 16:17, Fishrrman wrote:
> On 7/6/24 7:28 PM, Mickey D wrote:
>> Cybernews researchers discovered what appears to be the largest password
>> compilation with a staggering 9,948,575,739 unique plaintext
>> passwords. The
>> file with the data, titled rockyou2024.txt, was posted on July 4th by
>> forum
>> user ObamaCare.
>
>
> I'm currently experimenting with Apple's new OS 15 "Sequoia" on an
> external SSD.
>
> One of the new features of this release will be the Apple "Passwords" app.
>
> Although (up to this point) I've kept all my passwords in a self-created
> database, I opened Passwords to see what it was like.
>
> It had already compiled a list of passwords that I'd been using on the
> experimental Sequoia SSD.
>
> But one feature that looked welcome was...
> ... it identified two of my passwords that may have recently been
> "compromised". It looks like the Passwords app is reaching into some
> "resevoir" of "known-compromised" passwords, or perhaps even Apple has
> acquired some of these giant purloined password files.
>
> In any case, it lets you know if specific passwords you're using may be
> compromised...

Good thing.

I DL'd an earlier RockYou and exported my passwords from 1Password to a
flatfile (.txt). The obtuse 1Password text file format (clearly
"evolved over time" <cough>) took some time to code for. This program
searched all my passwords against the RockYou file. One showed up. A
complex password that some company generously leaked to the world once
upon a time. While I had changed the password on the site I hadn't
flushed the backup of it from 1P and it was in the 1P file... since
abandoned that co. but a copy of that pw is forever in Rockyou variants.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

On 2024-07-11, Alan Browne <bitbucket@blackhole.com> wrote:
> On 2024-07-11 16:17, Fishrrman wrote:
>> On 7/6/24 7:28 PM, Mickey D wrote:
>>> Cybernews researchers discovered what appears to be the largest
>>> password compilation with a staggering 9,948,575,739 unique
>>> plaintext passwords. The file with the data, titled rockyou2024.txt,
>>> was posted on July 4th by forum user ObamaCare.
>>
>> I'm currently experimenting with Apple's new OS 15 "Sequoia" on an
>> external SSD.
>>
>> One of the new features of this release will be the Apple "Passwords"
>> app.
>>
>> Although (up to this point) I've kept all my passwords in a
>> self-created database, I opened Passwords to see what it was like.
>>
>> It had already compiled a list of passwords that I'd been using on
>> the experimental Sequoia SSD.
>>
>> But one feature that looked welcome was... ... it identified two of
>> my passwords that may have recently been "compromised". It looks like
>> the Passwords app is reaching into some "resevoir" of
>> "known-compromised" passwords, or perhaps even Apple has acquired
>> some of these giant purloined password files.
>>
>> In any case, it lets you know if specific passwords you're using may
>> be compromised...
>
> Good thing.
>
> I DL'd an earlier RockYou and exported my passwords from 1Password to
> a flatfile (.txt). The obtuse 1Password text file format (clearly
> "evolved over time" <cough>) took some time to code for. This program
> searched all my passwords against the RockYou file. One showed up. A
> complex password that some company generously leaked to the world once
> upon a time. While I had changed the password on the site I hadn't
> flushed the backup of it from 1P and it was in the 1P file... since
> abandoned that co. but a copy of that pw is forever in Rockyou
> variants.

The current version of rockyou2024.txt is here, for anyone interested:

magnet:?xt=urn:btih:4e3915a8ecf6bc174687533d93975b1ff0bde38a

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

On 2024-07-11 20:21, Jolly Roger wrote:

> The current version of rockyou2024.txt is here, for anyone interested:
>
> magnet:?xt=urn:btih:4e3915a8ecf6bc174687533d93975b1ff0bde38a

Nothing coming of that. I'll get it elsewhere.

Have to re-gen that 1P text file from the old iMac. Not the sort of
thing you leave around unencrypted.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

On 10.07.24 15:58, Nick Cine wrote:
> Nobody needs your opinion, Arlen.

Arlen. You are a primitive and brain dead Troll.

--
"De gustibus non est disputandum."