Re: Replacing passwords.lst

[David Fifield <david () bamsoftware com>]

On Fri, Mar 12, 2010 at 09:48:11PM -0800, Fyodor wrote:
> On Fri, Mar 12, 2010 at 09:13:09PM -0700, David Fifield wrote:
> > I made this directory and copied the old MySpace passwords into it. I
> > didn't realize that Ron's databases were so huge--RockYou is like 100
> > MB. I copied the first 10,000 lines of phpBB and RockYou into the
> > directory as well.
>
> Yeah, that is huge.  And I know I sometimes complain about stuffing
> large files in SVN.  But this is really useful data, so I'd support
> storing more.  Rockyou is the biggest issue, as you noted.  My
> suggestion for that is:

The sizes were not as bad as I thought at first. After stripping extra
spaces, we are left with

-rw-r--r--  1 david users  88K 2010-03-16 17:13 faithwriters.lst
-rw-r--r--  1 david users 103K 2010-03-16 17:14 hotmail.lst
-rw-r--r--  1 david users 421K 2010-03-16 17:07 myspace.lst
-rw-r--r--  1 david users 1.9M 2010-03-16 17:18 phpbb.lst
-rw-r--r--  1 david users  58M 2010-03-16 17:24 rockyou.lst.bz2

I wrote a simple program to sum the counts from several password files
and output the top n passwords. Using the five lists above, I
regenerated our nselib/data/passwords.lst. The program automatically
does bz2 decompression based on filename so keeping compressed lists
isn't inconvenient.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/