V5 files contain seeded hashes?
The latest V5 password files sorted by hash come up negative with all tested passwords. It looks like the hashes are seeded or non-standard. This applies to both SHA1 and NTLM files of version V5.
-
Marius commented
Yes, now the Cloudflare ntlm-sorted-by-hash-v5 7z file download matches the published SHA1 hash. Thank you for your efforts and sorry for my nagging...
-
Ugh, that's annoying. I've just flushed Cloudflare cache again, give it another go now. Versions I uploaded hours ago were certainly the new ones with the hashes presently listed on the Pwned Passwords page.
-
Marius commented
How long does the caching need to update the files? I tried both torrent and cloudflare V5 16.7.2019 ntlm-sorted-by-hash downloads several times over the last hours, but the downloaded 7z file still has the wrong old sha1 hash of b29418346fa9fd319bdd46ae22af802bef7a0222.
-
Just tested and confirmed this is now in the latest files that are now live:
E19CCF75EE54E06B06A5907AF13CEF42:52579
I'll close this item out now, thanks again for highlighting it!
-
Marius commented
Happy to help.
-
Found the issue - input to the NTLM hash function was varchar instead of nvarchar. Recalculating and re-uploading momentarily, I've just updated the page to say "coming soon" for the moment. Thanks heaps for flagging this!
-
Marius commented
I just tried the other way around:
P@ssw0rd hash was found 52579 times in SHA1 V5 file
A search for :52579 within the NTLM V5 file gives
4DBE14C0419A5F6227CEFE3F005C26A2:52579
but the NTLM hash of P@ssw0rd is E19CCF75EE54E06B06A5907AF13CEF42
-
Marius commented
As it looks, the cloudflare download of SHA1 DB is OK.
I tried with the torrent download before.
-
Marius commented
SHA1 V5 DB was downloaded by cloudflare.
Filename is pwned-passwords-sha1-ordered-by-hash-v5.7z
SHA1 Hash is 4f505d687a7dd3d67980983787adb33cb768c7b2
SHA1 Check against V4:
Test-Password is: 12345
Test-Hash is: 8cb2237d0679ca88db6464eac60da96345513964
Result: Found, 2333232 occurrences
Test-Password is: P@ssw0rd
Test-Hash is: 21bd12dc183f740ee76f27b78eb39c8ad972a757
Result: Found, 51259 occurrences
SHA1 Check against V5:
Test-Password is: 12345
Test-Hash is: 8CB2237D0679CA88DB6464EAC60DA96345513964
Result: Found, 2380800 occurrences
Test-Password is: P@ssw0rd
Test-Hash is: 21BD12DC183F740EE76F27B78EB39C8AD972A757
Result: Found, 52579 occurrences
-
Marius commented
NTLM V5 DB was downloaded by torrent.
Filename is pwned-passwords-ntlm-ordered-by-hash-v5.7z
SHA1 Hash is b29418346fa9fd319bdd46ae22af802bef7a0222
NTLM Check against V4:
Test-Password is: 12345
Test-Hash is: 7A21990FCD3D759941E45C490F143D5F
Result: Found, 2333232 occurrences
Test-Password is: P@ssw0rd
Test-Hash is: E19CCF75EE54E06B06A5907AF13CEF42
Result: Found, 51259 occurrences
NTLM Check against V5:
Test-Password is: 12345
Test-Hash is: 7A21990FCD3D759941E45C490F143D5F
Result: Not Found
Test-Password is: P@ssw0rd
Test-Hash is: E19CCF75EE54E06B06A5907AF13CEF42
Result: Not found
-
Just as a quick sanity check, I just took this password: "P@ssw0rd"
Which hashes to this SHA-1 value: "21BD12DC183F740EE76F27B78EB39C8AD972A757"
And found this row in my local copy of the passwords ordered by hash file: "2DC183F740EE76F27B78EB39C8AD972A757:52579"
The most likely explanations are that either an old version of the hash file was cached and you downloaded that, or your encoding of the input string is off. The cache should be fine as I flushed it after uploading the latest files; check the SHA-1 of the downloaded file against what the Pwned Passwords page reports if you're not sure.
FWIW, I've not yet had any other reports of data integrity issues.
-
Can you give me a sample password, the hash value for it and let me know precisely which file you downloaded and how (torrent versus direct from Cloudflare). I’ll look into it.