As a security measure, I am trying to get a massive dictionary of words together, and each time a user changes his/her password, it checks the list to see if the password is in it. My question is, are there any pre-built lists of this nature? I am currently only using a spelling dictoinary, and would like somthing a little bigger.
You're re-inventing the wheel. look for npasswd or passwd+. Both do things like that. Or, better yet, don't use dictionaries at all (they're out of date as soon as they're made available). Use rules that force your users to choose good passwords (just don't be too Draconian. ;). We have a rule that says a user must choose at least one upper case character, one lower case character, and one number, symbol, or control character in his/her password. It's met little resistance, a few complaints, and it's immune to most dictionary password schemes. The only other restriction is that they must have at least 6 characters in their passwords. That was already "mostly" enforced, so there was no problem there. This prevents people from picking passwords like the name of a significant other, the name of a place, or some foreign language word that normal dictionaries wouldn't necessarily catch, but some password cracking program "might" (depending on who has the more recent dictionary). This really is more along the charter of comp.unix.security though, and not cypherpunks (IMHO). -- ____________________________________________________________________________ Doug Hughes Engineering Network Services System/Net Admin Auburn University doug@eng.auburn.edu "Real programmers use cat > file.as"