I’ve been doing some other things for the past year or so, but I think I’m ready to pick this back up.  I have downloaded and imported all database dumps of which I am aware that have 1M or more compromised accounts in them, most of them from the past year.  I think I have more than 100 databases imported.  Now, I need to go back and grab just the unique records like I did before.  Then, I’ll combine them back into the original database, and generate all the hashes I can for each one of them.

What might be interesting is to make a release of that database.  Then, security researchers can use it as a pre-calculated hash table.  They can do all sorts of whatever they want with it.  And because it only has the actual passwords, and not usernames or email addresses, I believe it would be a perfectly ethical thing to do.  So stay tuned, I might start work on that project.