Dictionary for Password Strength Testing in Webmasters and Developers

Dictionary for Password Strength Testing in Webmasters and Developers http://www.dslreports.com/forum/r13103789 en Wed, 25 Nov 2009 03:47:21 EDT Wed, 25 Nov 2009 03:47:21 EDT Re: Dictionary for Password Strength Testing http://www.dslreports.com/forum/remark,13111411 Jason Levine : I encourage passphrases too. Not only are they hard to guess, but they're pretty easy to remember. "We're off to see the wizard!" is a 28 character password/phrase that's pretty secure and easier to remember than "1ri&br#a#ho9thiucoe!l27ieslu"
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/]]> http://www.dslreports.com/forum/remark,13111411 Thu, 07 Apr 2005 13:20:18 EDT Re: Dictionary for Password Strength Testing http://www.dslreports.com/forum/remark,13110942 DA OH : We use pass phrases here, but only the initials from them. For example: road runner is very fast becomes rrivf. For added security, we also add special characters, so the final password becomes: !rrivf!
--
"Victory goes to the player who makes the next-to-last mistake."]]> http://www.dslreports.com/forum/remark,13110942 Thu, 07 Apr 2005 12:07:25 EDT Re: Dictionary for Password Strength Testing http://www.dslreports.com/forum/remark,13110112 Mospaw : Our IT manager is encouraging the use of "pass phrases" instead of passwords. Something like "Mospaw is a genius." or even "Four score and seven years ago" to type in. Nice and long, and very difficult to guess. You could even have "Four score and 7 years ago" to make it harder to guess, but still very easy to remember.

The only issue is that some applications/web sites may limit password length, so the longer phrases may be problematic. I would think that 80 characters would handle just about all reasonable pass phrases.]]> http://www.dslreports.com/forum/remark,13110112 Thu, 07 Apr 2005 10:14:51 EDT Re: Dictionary for Password Strength Testing http://www.dslreports.com/forum/remark,13109395 big greg :

said by Mospaw

:

Lots of words here: »www.itasoftware.com/careers/WORD.LST

You should be able to save that file and run a query on it. If you need help writing one, let me know.

Excellent link! Thanks!]]> http://www.dslreports.com/forum/remark,13109395 Thu, 07 Apr 2005 07:43:03 EDT Re: Dictionary for Password Strength Testing http://www.dslreports.com/forum/remark,13106002 fiqqq : be careful not to throw out passwords that meet all of the other expectations like dog!#Murphy, !# being his age but with shift pressed. as these are strong passwords and better than users having to remember 435A93k*m or the likes.
--
placidness.com: my site.]]> http://www.dslreports.com/forum/remark,13106002 Wed, 06 Apr 2005 20:16:20 EDT Re: Dictionary for Password Strength Testing http://www.dslreports.com/forum/remark,13105240 DA OH :

said by Overdrive :
that's a lot of words...

173,528 to be exact. :-)
--
"Victory goes to the player who makes the next-to-last mistake."]]> http://www.dslreports.com/forum/remark,13105240 Wed, 06 Apr 2005 18:30:58 EDT Re: Dictionary for Password Strength Testing http://www.dslreports.com/forum/remark,13104241 Overdrive :

said by Mospaw

:

Lots of words here: »www.itasoftware.com/careers/WORD.LST

You should be able to save that file and run a query on it. If you need help writing one, let me know.

that's a lot of words...
--
Need a Web Developer?]]> http://www.dslreports.com/forum/remark,13104241 Wed, 06 Apr 2005 16:30:40 EDT Re: Dictionary for Password Strength Testing http://www.dslreports.com/forum/remark,13104092 Jason Levine : Thanks. This should help a lot! :-)]]> http://www.dslreports.com/forum/remark,13104092 Wed, 06 Apr 2005 16:14:49 EDT Re: Dictionary for Password Strength Testing http://www.dslreports.com/forum/remark,13103866 Mospaw : Lots of words here: »www.itasoftware.com/careers/WORD.LST

You should be able to save that file and run a query on it. If you need help writing one, let me know. ]]> http://www.dslreports.com/forum/remark,13103866 Wed, 06 Apr 2005 15:51:47 EDT Dictionary for Password Strength Testing http://www.dslreports.com/forum/remark,13103789 Jason Levine : I saw a link to a Password Strength tester (»www.securitystats.com/tools/password.php) in another thread and thought that it would be a great tool for my users. However, I don't want them submitting their passwords across the Internet and some of the suggestions (upper case) don't apply in our situation (we have case insensitive passwords). Therefore, I'm looking at building it myself.

So far, it looks like they check 5 criteria:

1. Is the password in the dictionary?
2. Is the password 8 characters or more in length?
3. Does the password include special symbols?
4. Does the password contain numbers?
5. Does the password contain mixed case?

I'd wind up replacing that last one with:

5. Does the password match the user's username?

Numbers 2-5 are easy to implement. However, #1 requires that I have a database of common words to query against. Does anyone know of any free/low-cost sources for this that I could use to populate a SQL Server database?
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/]]> http://www.dslreports.com/forum/remark,13103789 Wed, 06 Apr 2005 15:43:10 EDT