Home page logo

pen-test logo Penetration Testing mailing list archives

Online commonly used password database
From: Mike Shaw <mshaw () wwisp com>
Date: Mon, 11 Mar 2002 17:20:32 -0600

Does anyone know of a commonly used password database? I know that dictionaries and password list files abound. But what I'm thinking of is a central Big-Ol'(tm) database of passwords that's constantly being updated with everyone doing pen-test crack sessions out there. The site would produce a daily file comprising of all the passwords in the list.

Why? Everyone on this list has seen "qwerty12345" and the like out there. But what about "qwerty>12345"? Yet it's a safe bet that that password has been used by at least a few people in the entire history of passwords. The ultimate goal would be to crack the "monkeys with typewriters" algorithm of password generation by securing the most common things that the brain comes up with--even down to the level of commonly used two letter combinations (note that this would be different than the standard cryptographic techniques because people choose passwords differently). But in the short term it would just be cool to have a centralized list to pool efforts.

Of course, there would be security problems with what was submitted. Something such as a password of "xyzcorpxyzcorp" would obviously be a hazard since there is only one xyzcorp out there, so some discretion would have to be exercised by the submitter. One option would be to not have passwords "activated" in the downloadable password list unless 2 instances of it occurred.

Of course I could be barking up a well worn tree. In that case I'd like to see what work has been done in this area.


This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]