EDIT : this is all wrong, I fucked up everything while trying to check the short MD5s. I’m not at 99% at all !
The rootkit.com database has just leaked. I found out this morning on xorl blog. I thought this was Christmas, as there was finally a large password leak of security minded people, which would be useful to hone cracking techniques.
The leak itself is quite nice, with around 81500 accounts, most of them being raw MD5s. There are also around 10k short hashes, 4 bytes each. The two most common are b3a39596 and 5f4dcc3b. As the md5 of password is 5f4dcc3b5aa765d61d8327deb882cf99, I believe they are truncated raw MD5 hashes. They are uncrackable because of the false positive rate. For example, “hiswife5” is a good cleartext for b3a39596, but doesn’t look like a password many people will use.
The password base in itself is terrible. In just 3 hours, on a single computer and while working I found 99% of the passwords. This either means that the password selection is horrible on this site, or that it is average and that my wordlists and rules have gotten better. All in all, I am really disappointed with this.
By the way, it seems genuine, as there are people I know in the list whose password is correct.
I will not publish any classic analysis of this. If correlating with the other details in the database prove interesting I will make a new post. The only funny thing I found is the password sobrecarguemos7, which seems to have been used by a bot to create 51 accounts.