The Top 500 Worst Passwords and Their Hashes

You shouldn’t use raw MD5 or SHA1 password hashes for storing authentication info, you should absolutely always use a randomized salt (bonus points for using something like Blowfish or PBKDF2 with a high number of iterations).

I was playing with the BozoCrack utility, which mines Google for MD5 hashes, and found a list of the Top 500 Worst Passwords of All Time. Not all of them were found by BozoCrack, so here’s a definitive list…

Hashes of The Top 500 Worst Passwords of All Time in MD5, SHA1, SHA256, and SHA512.

Chris Meller @chrismeller

Awesome Coder. Unashamed PHP Lover. Dot Net Developer. Mac User. nGinx Enthusiast. Open Data Addict. Frequent FOIA Filer. @habari Cabal Member. System Admin. Nerd.

The Top 500 Worst Passwords and Their Hashes