[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: big word listing
>| As a security measure, I am trying to get a massive dictionary of words
>| together, and each time a user changes his/her password, it checks the
list to
>| see if the password is in it. My question is, are there any pre-built
lists of
>| this nature? I am currently only using a spelling dictionary, and would like
>| something a little bigger.
>
> Look on coast.cs.purdue.edu in the password/Crack areas.
There are also Grady Ward's Moby Words and related moby-listings, though
things like Crack will probably do a more thorough job of variants like
word, drow, w0rd, word0, drow0, word1, 0word, 1word, word1word, etc.
which people use to complicate their passwords.
Caveat: If you're building it on Unix, _don't_ set up the command to
take the proposed password on the command line, e.g. "checkpass foobar2",
since that makes it visible to anyone who runs ps. Feed it through stdin,
or set it as a variable and fork, or something like that.
And remember that binary searches are _far_ faster than reading whole
dictionaries,
and hashes are even faster if you're willing to preprocess more.
#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281