Add feature - Troy Hunt password pwnage



  • [Deleted User]
    [Deleted User]
    Community Member

    Couple of thoughts:

    1. Troy’s list currently contains 320 million compromised passwords, probably including many dictionary words (maybe even the complete works of Shakespeare, just not in the right order).
    2. No list will ever be complete.

    With those points in mind, some ways of cutting the list down:

    1. How about removing all of the weak passwords that the 1Password security audit would cover?
    2. From the comments:

    One possibility that could be considered to cut down on file size is to distribute a Bloom filter

    midnucas, Introducing 306 Million Freely Downloadable Pwned Passwords

    midnucas suggests a huge reduction in file sizes is possible:

    Users willing to tolerate much higher false positive rates can reduce the file size significantly; for example if a 1-in-500 failure rate is tolerable you can fit the 306 million items into a 512 MiB filter with ten 32-bit hashes.

    Thankfully there’s a Bloom filter page in Simple English so even I might try and understand it.
    3. In future versions of the list, Troy has said he will include a prevalence column. So the list could be cut down even more, for example, just have the top 10,000 passwords.

    It could be possible to get a trimmed password list down to a few tens of megabytes.

  • AGAlumB
    1Password Alumni
    edited August 2017

    @neeklamy: Nice. Those are all good ideas. If we could really get it down to megabytes, that could be doable. Thanks for the suggestions! :)

    ref: OPM-5263

This discussion has been closed.