1995-07-21 - Re: big word listing

Header Data

From: stewarts@ix.netcom.com (Bill Stewart)
To: gorkab@sanchez.com (It’s supposed to crash like that.)
Message Hash: 48286cd0dc94349445bb1eaffec683961f15167c28c07455efb58cff2089f592
Message ID: <199507211931.MAA21230@ix6.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1995-07-21 19:32:40 UTC
Raw Date: Fri, 21 Jul 95 12:32:40 PDT

Raw message

From: stewarts@ix.netcom.com (Bill Stewart)
Date: Fri, 21 Jul 95 12:32:40 PDT
To: gorkab@sanchez.com (It's supposed to crash like that.)
Subject: Re: big word listing
Message-ID: <199507211931.MAA21230@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>| As a security measure, I am trying to get a massive dictionary of words
>| together, and each time a user changes his/her password, it checks the
list to
>| see if the password is in it.  My question is, are there any pre-built
lists of
>| this nature?  I am currently only using a spelling dictionary, and would like
>| something a little bigger.
>
>	Look on coast.cs.purdue.edu in the password/Crack areas.

There are also Grady Ward's Moby Words and related moby-listings, though
things like Crack will probably do a more thorough job of variants like
word, drow, w0rd, word0, drow0, word1, 0word, 1word, word1word, etc.
which people use to complicate their passwords.

Caveat: If you're building it on Unix, _don't_ set up the command to
take the proposed password on the command line, e.g. "checkpass foobar2",
since that makes it visible to anyone who runs ps.  Feed it through stdin,
or set it as a variable and fork, or something like that.
And remember that binary searches are _far_ faster than reading whole
dictionaries,
and hashes are even faster if you're willing to preprocess more.
#---
#                                Thanks;  Bill
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281






Thread