big word listing

Jim Gillogly jim at acm.org
Fri Jul 21 12:58:26 PDT 1995



> "It's supposed to crash like that." <gorkab at sanchez.com> writes:
> As a security measure, I am trying to get a massive dictionary of words
> together, and each time a user changes his/her password, it checks the list t o
> see if the password is in it.  My question is, are there any pre-built lists of
> this nature?  I am currently only using a spelling dictoinary, and would like
> somthing a little bigger.

Yes, there are -- see ftp.ox.ac.uk for a lovely set of them.  This is a
reasonable approach, but it's insufficient: you also need to check lots of
variants on the words.  I'd suggest looking at the code in Programming
Perl (Larry Wall and Randal L. Schwartz) for checking potential
passwords, and I'd suggest looking at the initial ruleset used by Crack,
the Unix password cracking tool; the same rules should be good for any
kind of password scheme.

Also you should be aware that cracking passwords is passe' these days:
it's much easier to run an ethernet sniffer and gather them wholesale.
Every little bit helps, though.

	Jim Gillogly
	Sterday, 28 Afterlithe S.R. 1995, 19:54






More information about the cypherpunks-legacy mailing list