The Kryc Wordlist

---[ 1. What is it?

The kryc wordlist is a list of commonly used passwords for use in security
research (particularly user education and password recovery) and Capture the
Flag (CTF) competitions.

---[ 2. How is it created?

The wordlist comes in at just under 500 million passwords and is based on the
haveibeenpwned pwned passwords list. haveibeenpwned releases sha1 hashes of
passwords recovered from known security breaches. For more information on how
they build this list see https://haveibeenpwned.com.

At time of writing 98.71% of the passwords have been recovered to their
plaintext (I may write a full article on this if there is interest).

The kryc wordlist is a sorted list of passwords which have appeared in at
least ten different breaches (to filter out the long tail of passwords which
have only been seen once). It is then filtered to remove any
non-UTF-8-printable entries, and any that are likely to be email addresses.
Finally it is compressed using LZMA2 into an .xz archive.

---[ 3. What is in it?

In case you are interested, the top ten entries are

  1. 123456          6. 1234
  2. 123456789       7. 12345
  3. 12345678        8. qwerty
  4. password        9. 1234567
  5. admin          10. 1234567890

---[ 4. Where can I get it?

https://kryc.blob.core.windows.net/files/kryc.dic.xz
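
The filtering steps described in section 2, sketched as an added example; this is not the author's own tooling. Assumptions: recovered entries arrive as (raw bytes, count) pairs, the count is what the "at least ten" threshold is applied to, "likely to be an email address" is approximated by a simple regex, and the list is ordered by descending count.

```python
import io
import lzma
import re

MIN_COUNT = 10  # page: keep only passwords seen at least ten times
# Assumption: a plain local@domain.tld shape counts as "likely an email".
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$")


def keep(raw: bytes, count: int) -> bool:
    """Apply the three filters from section 2 to one recovered entry."""
    if count < MIN_COUNT:
        return False
    try:
        text = raw.decode("utf-8")  # strict decode rejects invalid UTF-8
    except UnicodeDecodeError:
        return False
    if not text or not text.isprintable():  # drops control characters
        return False
    return EMAIL_RE.match(text) is None


def build_wordlist(entries) -> bytes:
    """Filter (raw, count) pairs, sort them, return an .xz archive as bytes."""
    kept = [(raw, count) for raw, count in entries if keep(raw, count)]
    # Assumption: descending count, ties broken bytewise.
    kept.sort(key=lambda e: (-e[1], e[0]))
    body = b"".join(raw + b"\n" for raw, _ in kept)
    # FORMAT_XZ uses the LZMA2 filter by default.
    return lzma.compress(body, format=lzma.FORMAT_XZ)


def read_wordlist(archive: bytes) -> list:
    """Stream the archive back out as one password per line."""
    with lzma.open(io.BytesIO(archive), "rt", encoding="utf-8") as fh:
        return [line.rstrip("\n") for line in fh]


# Constructed sample input, not real breach data.
SAMPLE = [
    (b"123456", 5000),
    (b"qwerty", 900),
    (b"onlyonce", 1),            # below the threshold
    (b"user@example.com", 40),   # looks like an email address
    (b"bad\xff\xfebytes", 25),   # not valid UTF-8
    (b"tab\there", 30),          # control character, not printable
    (b"p\xc3\xa4ssword", 12),    # valid UTF-8 and printable
]

if __name__ == "__main__":
    print(read_wordlist(build_wordlist(SAMPLE)))
```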