Online commonly used password database

From: Mike Shaw (mshaw@wwisp.com)
Date: 03/12/02


Date: Mon, 11 Mar 2002 17:20:32 -0600
To: pen-test@securityfocus.com
From: Mike Shaw <mshaw@wwisp.com>

Does anyone know of a commonly used password database? I know that
dictionaries and password list files abound. But what I'm thinking of is a
central Big-Ol'(tm) database of passwords that's constantly being updated
with everyone doing pen-test crack sessions out there. The site would
produce a daily file comprising of all the passwords in the list.

Why? Everyone on this list has seen "qwerty12345" and the like out
there. But what about "qwerty>12345"? Yet it's a safe bet that that
password has been used by at least a few people in the entire history of
passwords. The ultimate goal would be to crack the "monkeys with
typewriters" algorithm of password generation by securing the most common
things that the brain comes up with--even down to the level of commonly
used two letter combinations (note that this would be different than the
standard cryptographic techniques because people choose passwords
differently). But in the short term it would just be cool to have a
centralized list to pool efforts.

Of course, there would be security problems with what was
submitted. Something such as a password of "xyzcorpxyzcorp" would
obviously be a hazard since there is only one xyzcorp out there, so some
discretion would have to be exercised by the submitter. One option would
be to not have passwords "activated" in the downloadable password list
unless 2 instances of it occurred.

Of course I could be barking up a well worn tree. In that case I'd like to
see what work has been done in this area.

-Mike

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



Relevant Pages

  • Re: Home Networking/Firewall problem
    ... filters to achieve security you're required to have such a knowledge. ... virus-scanners don't address the problem of running untrusted software, ... common implementations just add new attack vectors). ...
    (comp.security.firewalls)
  • Re: Variable argument function as a parameter of a variable argument function
    ... implies that you don't know. ... It's quite common for people to ask the wrong question; ... the real problem was. ... legitimate - but almost any code that poses security issues can be ...
    (comp.lang.c)
  • Re: Essential updates?
    ... You can browse the Fedora Announce archives at ... Since one mans bug is another mans feature this could be harder ... Critical security bugs will commonly have some reference to a common ...
    (Fedora)
  • Re: Home Networking/Firewall problem
    ... filters to achieve security you're required to have such a knowledge. ... Back to the car analogy - yes you have to ... but merely serve as an intrusion detection tool, and that "firewalls" ... common implementations just add new attack vectors). ...
    (comp.security.firewalls)
  • RE: Is this normal?
    ... This is far too common. ... A few simple security tips may help. ... Do not allow root any remote access; create a user and su if you need ...
    (Security-Basics)