Dictionary for Password Strength Testing

Forums » Tech and Talk » OS and Software » Webmasters and Developers » Dictionary for Password Strength Testing


Uniqs: 281	Share Topic:	RSS topic:	toggle: flat / full normal / watch	Posting:	Post a:	Post a:

Links: ·How To Get Noticed ·Web Monks FAQ ·Webhosting FAQ ·Posting Code ·How To Post ·Webhosting forum

[PHP] Maybe someone can help me »
« Amazon Books redesign

Jason Levine
Premium
join:2001-07-13
USA

Dictionary for Password Strength Testing

I saw a link to a Password Strength tester (»www.securitystats.com/tools/password.php) in another thread and thought that it would be a great tool for my users. However, I don't want them submitting their passwords across the Internet and some of the suggestions (upper case) don't apply in our situation (we have case insensitive passwords). Therefore, I'm looking at building it myself.

So far, it looks like they check 5 criteria:

1. Is the password in the dictionary?
2. Is the password 8 characters or more in length?
3. Does the password include special symbols?
4. Does the password contain numbers?
5. Does the password contain mixed case?

I'd wind up replacing that last one with:

5. Does the password match the user's username?

Numbers 2-5 are easy to implement. However, #1 requires that I have a database of common words to query against. Does anyone know of any free/low-cost sources for this that I could use to populate a SQL Server database?
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/

permalink · 2005-04-06 15:43:10 · Print ·

Mospaw D O N E Hawaiian Jellyfish join:2001-01-08 The Pacific	Re: Dictionary for Password Strength Testing Lots of words here: »www.itasoftware.com/careers/WORD.LST You should be able to save that file and run a query on it. If you need help writing one, let me know.
	permalink · 2005-04-06 15:51:47 ·

Jason Levine Premium join:2001-07-13 USA	Re: Dictionary for Password Strength Testing Thanks. This should help a lot!
	permalink · 2005-04-06 16:14:49 ·

Overdrive Are You Where You Want To Be? Premium join:2001-05-31 Waterbury, CT	said by Mospaw : Lots of words here: »www.itasoftware.com/careers/WORD.LST You should be able to save that file and run a query on it. If you need help writing one, let me know. that's a lot of words... -- Need a Web Developer?
	permalink · 2005-04-06 16:30:40 · Print ·

DA OH Do, Or Do Not. There Is No 'try'. join:2002-01-07 Denver, CO clubs:	Re: Dictionary for Password Strength Testing said by Overdrive : that's a lot of words... 173,528 to be exact. -- "Victory goes to the player who makes the next-to-last mistake."
	permalink · 2005-04-06 18:30:58 ·

big greg Premium,MVM,Ex-Mod 2005-6 join:2003-10-11 Boston, MA clubs:	said by Mospaw : Lots of words here: »www.itasoftware.com/careers/WORD.LST You should be able to save that file and run a query on it. If you need help writing one, let me know. Excellent link! Thanks!
	permalink · 2005-04-07 07:43:03 ·

Mospaw
D O N E
Hawaiian Jellyfish
join:2001-01-08
The Pacific

·Cox HSI

Host:
Road Warriors, Not..
All Things Macintosh
Automotive

Re: Dictionary for Password Strength Testing

Our IT manager is encouraging the use of "pass phrases" instead of passwords. Something like "Mospaw is a genius." or even "Four score and seven years ago" to type in. Nice and long, and very difficult to guess. You could even have "Four score and 7 years ago" to make it harder to guess, but still very easy to remember.

The only issue is that some applications/web sites may limit password length, so the longer phrases may be problematic. I would think that 80 characters would handle just about all reasonable pass phrases.

permalink · 2005-04-07 10:14:51 · Print ·

Jason Levine Premium join:2001-07-13 USA	Re: Dictionary for Password Strength Testing I encourage passphrases too. Not only are they hard to guess, but they're pretty easy to remember. "We're off to see the wizard!" is a 28 character password/phrase that's pretty secure and easier to remember than "1ri&br#a#ho9thiucoe!l27ieslu" -- -Jason Levine http://www.jasons-toolbox.com/ http://www.PCQandA.com/ http://www.urateit.com/
	permalink · 2005-04-07 13:20:18 ·

fiqqq Mr. Chainsaw Premium join:2003-01-23 Wilmette, IL clubs:	be careful not to throw out passwords that meet all of the other expectations like dog!#Murphy, !# being his age but with shift pressed. as these are strong passwords and better than users having to remember 435A93k*m or the likes. -- placidness.com: my site.
	permalink · 2005-04-06 20:16:20 ·

DA OH Do, Or Do Not. There Is No 'try'. join:2002-01-07 Denver, CO clubs:	We use pass phrases here, but only the initials from them. For example: road runner is very fast becomes rrivf. For added security, we also add special characters, so the final password becomes: !rrivf! -- "Victory goes to the player who makes the next-to-last mistake."
	permalink · 2005-04-07 12:07:25 ·

your comment..

Forums » Tech and Talk » OS and Software » Webmasters and Developers	[PHP] Maybe someone can help me » « Amazon Books redesign


Thursday, 26-Nov 20:38:40	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. republican-creole page compression OFF