RockYou2024 is the biggest leak compilation of real-world passwords used by individuals all over the world, with almost 10 billion unique plaintext passwords posted on July 4th by forum user ObamaCare.
Currently, there are many sites that offer to validate if our passwords have been leaked or match those on the RockYou2024 list; however, I find it ironic to share our passwords on the web to validate that they have not been leaked, so I share this repository with the solution I used to perform my validation locally in case it may be useful to someone.
- Download the `rockyou2024.zip` file to your `Downloads` directory with the following magnet link using a BitTorrent client (e.g. Transmission):

  ```
  magnet:?xt=urn:btih:4e3915a8ecf6bc174687533d93975b1ff0bde38a
  ```

- Uncompress the `rockyou2024.zip` (49 GB) file to get the `rockyou2024.txt` (156 GB) file:

  ```bash
  unzip rockyou2024.zip
  ```

- Verify the SHA-256 checksum:

  ```bash
  echo "457361a871f111014573ab3bda3e0f5dafd489a3217b62fc8cfb14c74d59bb11  rockyou2024.txt" | sha256sum -c
  ```

- Clone this git repository:

  ```bash
  git clone https://gitlab.com/fcestrada/rockyou2024.git && cd rockyou2024
  ```

- Put the downloaded `rockyou2024.txt` in this directory:

  ```bash
  mv ~/Downloads/rockyou2024.txt .
  ```

- Replace the `passwords.txt` file with your own passwords (one per line).

- Give the script execute permission:

  ```bash
  chmod u+x checkPasswords.sh
  ```

- Execute the Bash script to check whether your passwords match the RockYou2024 password list:

  ```bash
  time ./checkPasswords.sh
  ```
This is not a performance-optimized version (and I'm not interested in one), since it fulfilled its objective; for that reason it uses a Bash script with standard utilities from a GNU/Linux system. If you want to improve it, maybe you can use GNU Parallel or, better, develop it in C or another high-performance language.
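#### Quick proposal using GNU Parallel

```bash
# Original single-process search:
# grep -a -F -x -f $passwordsFile $rockyouFile >> "$tempFile"
# Split the wordlist into 100 MB blocks and run one grep per block; -k keeps the output in input order.
parallel --pipe-part --block 100M -a "$rockyouFile" -k --compress grep -a -F -x -f "$passwordsFile" >> "$tempFile"
```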
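
The local check that the steps above perform, written out as an added example. It is not the repository's `checkPasswords.sh`, which this page does not show, but it is built on the same `grep -a -F -x -f` call and handles CRLF line endings and blank lines in the candidate file. The function name `check_leaked`, its return codes and the sample data are assumptions made for illustration.

```bash
# check_leaked PASSWORDS_FILE WORDLIST
# Prints every candidate that occurs as a whole line in WORDLIST.
# Returns 0 = none found, 1 = at least one leaked, 2 = usage or I/O error.
check_leaked() {
    local passwords="$1" wordlist="$2" patterns matches status
    [ -r "$passwords" ] && [ -r "$wordlist" ] || return 2
    # mktemp creates the file with mode 0600, so the cleaned candidate
    # list is not readable by other local users.
    patterns=$(mktemp) || return 2
    # Strip CRs (file saved on Windows) and drop empty lines; with -x an
    # empty pattern reports every empty wordlist line as a hit.
    tr -d '\r' < "$passwords" | sed '/^$/d' > "$patterns"
    if [ ! -s "$patterns" ]; then rm -f "$patterns"; return 0; fi
    # -F  fixed strings: . * [ \ inside a password stay literal
    # -x  whole-line match: "pass" must not match "password1"
    # -a  treat the wordlist as text despite non-UTF-8 bytes
    # -f  patterns come from a file, so they never show up in `ps`
    # LC_ALL=C compares bytes: faster, and invalid encodings cannot break it
    matches=$(LC_ALL=C grep -a -F -x -f "$patterns" -- "$wordlist") \
        && status=0 || status=$?
    rm -f "$patterns"
    case $status in
        0) printf '%s\n' "$matches"; return 1 ;;
        1) return 0 ;;
        *) return 2 ;;
    esac
}

# Demo on constructed data (not taken from RockYou2024).
demo_dir=$(mktemp -d)
printf '%s\n' 'password1' 'p.ssw*rd' '' 'letmein' > "$demo_dir/wordlist.txt"
printf 'pass\r\nletmein\r\n\r\np.ssw*rd\nCorrect-Horse-9\n' > "$demo_dir/mine.txt"
if check_leaked "$demo_dir/mine.txt" "$demo_dir/wordlist.txt"; then
    echo "no candidate found in the wordlist"
else
    echo "^ found in the wordlist: rotate these"
fi
rm -rf "$demo_dir"
```
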