WebApp Sec mailing list archives

Password Blacklist


From: Reed Black <reed () unsafeword org>
Date: Tue, 14 Aug 2012 10:29:16 -0700

Can anyone recommend a good password dictionary, preferably one where
the author speaks to the method of its construction?

As part of our authentication system, I want to blacklist the most
commonly used passwords. I searched for dictionaries for use with John
the Ripper, hoping to use one of these. There is surprisingly little
overlap in the top terms among these different dictionaries. This
makes me unsure of their utility.

This is for a web service with an international user base, if that
makes a difference.
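
One way to measure the overlap the post describes and to merge several ranked wordlists into a blacklist, as an added example that is not part of the original post. The list contents, the list names and every function name are constructed for illustration, and the Unicode folding step is an assumption about how a service with international users would compare passwords.

```python
import unicodedata
from collections import Counter
from itertools import combinations

# Constructed sample lists, ranked most-common first (not real dictionary data).
SOURCES = {
    "list_a": ["123456", "password", "qwerty", "letmein", "dragon"],
    "list_b": ["password", "123456", "Passwort", "azerty", "qwerty"],
    "list_c": ["123456", "contraseña", "password", "111111", "azerty"],
}

def normalize(pw):
    """Fold Unicode compatibility forms and case so variants compare equal."""
    folded = unicodedata.normalize("NFKC", pw).casefold()
    return unicodedata.normalize("NFKC", folded)

def top_n(ranked, n):
    """First n distinct normalized entries of a ranked list."""
    seen = []
    for pw in ranked:
        key = normalize(pw)
        if key not in seen:
            seen.append(key)
        if len(seen) == n:
            break
    return set(seen)

def pairwise_overlap(sources, n):
    """Jaccard similarity of the top-n sets for every pair of lists."""
    tops = {name: top_n(r, n) for name, r in sources.items()}
    return {
        (a, b): len(tops[a] & tops[b]) / len(tops[a] | tops[b])
        for a, b in combinations(sorted(tops), 2)
    }

def build_blacklist(sources, n, min_sources=1):
    """Entries found in the top n of at least min_sources lists."""
    counts = Counter()
    for ranked in sources.values():
        counts.update(top_n(ranked, n))
    return {pw for pw, c in counts.items() if c >= min_sources}

def is_blacklisted(candidate, blacklist):
    return normalize(candidate) in blacklist

if __name__ == "__main__":
    for pair, score in pairwise_overlap(SOURCES, 5).items():
        print(pair, round(score, 2))
    print(sorted(build_blacklist(SOURCES, 5, min_sources=2)))
```

With `min_sources=1` the result is the union of all lists; raising it keeps only entries that more than one source ranks in its top `n`.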


