Update README.md

thomasmueller · web-flow · commit 7c10cd457a3e · 2019-03-22T14:52:45.000+01:00
diff --git a/README.md b/README.md
@@ -14,18 +14,18 @@ The following filter types are currently implemented:
 * Xor filter: 8 and 16 bit variants; needs less space than cuckoo filters, with faster lookup
 * Xor+ filter: 8 and 16 bit variants; compressed xor filter
 
-# Password Lookup Tool
+## Password Lookup Tool
 
 Included is a tool to build a filter from a list of known password (hashes), and a tool to do lookups. That way, the password list can be queried locally, without requiring a large file. The filter is only 650 MB, instead of the original file which is 11 GB. At the cost of some false positives (unknown passwords reported as known, with about 1% probability).
 
-## Generate the Password Filter File
+### Generate the Password Filter File
 
 Download the latest SHA-1 password file that is ordered by hash,
-for example the file pwned-passwords-sha1-ordered-by-hash-v4.7z (10 GB)
+for example the file pwned-passwords-sha1-ordered-by-hash-v4.7z (~10 GB)
 from https://haveibeenpwned.com/passwords
 with about 550 million passwords.
 
-If you have enough disk space, you can extract the hash file (25 GB),
+If you have enough disk space, you can extract the hash file (~25 GB),
 and convert it as follows:
 
     mvn clean install
@@ -37,9 +37,9 @@ To save disk space, you can extract the file on the fly (Mac OS X using Keka):
     /Applications/Keka.app/Contents/Resources/keka7z e -so
         pass.7z | java -cp target/fastfilter*.jar org.fastfilter.tools.BuildFilterFile filter.bin
 
-Both will generate a file named filter.bin (640 MB).
+Both will generate a file named filter.bin (~630 MB).
 
-## Check Passwords
+### Check Passwords
 
     java -cp target/fastfilter*.jar org.fastfilter.tools.PasswordLookup filter.bin
 
@@ -48,3 +48,5 @@ If yes, it will (for sure) either show "Found", or "Found; common",
 which means it was seen 10 times or more often.
 Passwords not in the list will show "Not found" with more than 99% probability,
 and with less than 1% probability "Found" or "Found; common".
+
+Internally, the tool uses a xor+ filter (see above) with 8 bits per fingerprint. One bit of the key is either 0 (regular) or 1 (common), and so two lookups are made per password. Because two lookups are made, the false positive rate is twice of what it would be with just one lookup (0.0078 instead of 0.0039). A regular Bloom filter with the same guarantees would be ~760 MB.
