[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: big word listing




> "It's supposed to crash like that." <[email protected]> writes:
> As a security measure, I am trying to get a massive dictionary of words
> together, and each time a user changes his/her password, it checks the list t o
> see if the password is in it.  My question is, are there any pre-built lists of
> this nature?  I am currently only using a spelling dictoinary, and would like
> somthing a little bigger.

Yes, there are -- see ftp.ox.ac.uk for a lovely set of them.  This is a
reasonable approach, but it's insufficient: you also need to check lots of
variants on the words.  I'd suggest looking at the code in Programming
Perl (Larry Wall and Randal L. Schwartz) for checking potential
passwords, and I'd suggest looking at the initial ruleset used by Crack,
the Unix password cracking tool; the same rules should be good for any
kind of password scheme.

Also you should be aware that cracking passwords is passe' these days:
it's much easier to run an ethernet sniffer and gather them wholesale.
Every little bit helps, though.

	Jim Gillogly
	Sterday, 28 Afterlithe S.R. 1995, 19:54