bad-passwords
Great stuff. Document a possible filter?
The CII Best Practices Badge program "BadgeApp" uses this - thank you!
You might want to modify your README to document how someone might use bad-passwords in other systems. The US NIST has proposed draft password rules in 2016. They recommend having a minimum of 8 characters in passwords and checking against a list of bad passwords - so this list of bad passwords is timely. Here's what we did - you might want to mention this somewhere in the documentation for others.
- We don't need to store anything less than 8 characters (they will be forbidden anyway), and we only store lowercase versions (we check downcased versions). We compress it into a .gz file; it doesn't take long to read, and that greatly reduces the space we use when storing and transmitting the program. Using the bad-passwords version dated "May 27 11:03:00 2016 -0700", starting with the "mutated" list, we end up with 106,251 forbidden passwords.
```sh
(cd .. && git clone https://github.com/skyzyx/bad-passwords )
cat ../bad-passwords/raw-mutated.txt | grep -E '^.{8}' | tr A-Z a-z | \
sort -u > raw-bad-passwords-lowercase.txt
rm -f raw-bad-passwords-lowercase.txt.gz
gzip --best raw-bad-passwords-lowercase.txt
```
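As an added example (not the project's code nor the commenter's), the same filtering pipeline wrapped as shell functions, plus the check an application would run against the resulting .gz with the 8-character minimum applied first; the input list is a small constructed sample standing in for raw-mutated.txt, and the function names are assumptions.

```sh
#!/bin/sh
# Added example: build the filtered, lowercase, gzipped blocklist described
# in the comment above and check a candidate password against it.

# Constructed sample standing in for raw-mutated.txt (assumed format: one
# password per line, mixed case, some shorter than 8 characters).
WORK=$(mktemp -d)
cat > "$WORK/raw-mutated.txt" <<'EOF'
Password1
PASSWORD1
letmein
qwerty
Summer2016
summer2016
iloveyou
EOF

# Keep only entries of 8+ characters, downcase, dedupe, compress.
# $1 = raw list, $2 = output .gz
build_blocklist() {
  grep -E '^.{8}' "$1" | tr A-Z a-z | sort -u | gzip --best > "$2"
}

# Return 0 (shell "true") if the candidate must be rejected: either it is
# shorter than 8 characters or its lowercase form is in the blocklist.
# $1 = candidate password, $2 = blocklist .gz
is_bad_password() {
  candidate=$(printf '%s' "$1" | tr A-Z a-z)
  [ "${#candidate}" -lt 8 ] && return 0
  gzip -dc "$2" | grep -qxF -- "$candidate"
}

# Number of entries kept after filtering (3 for the sample above:
# iloveyou, password1, summer2016).
blocklist_size() {
  gzip -dc "$1" | wc -l | tr -d ' '
}

build_blocklist "$WORK/raw-mutated.txt" "$WORK/bad-passwords-lowercase.txt.gz"
```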
Must've missed the email for this comment. :(
Yes, let me update the README.