schellj
commented
1 year ago Large corpus source (HaveIBeenPwned): https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/ https://haveibeenpwned.com/Passwords https://github.com/HaveIBeenPwned/PwnedPasswordsDownloader
Much smaller list of 47k common passwords (Dropbox): https://github.com/dropbox/zxcvbn/blob/master/data/passwords.txt
Other password lists: https://github.com/danielmiessler/SecLists/tree/master/Passwords
As per 800-63B 5.1.1.2 (https://pages.nist.gov/800-63-3/sp800-63b.html#sec5).
Exempt dev.