Greetings from 2009!
I have a real post planned for the near future, but for now you’re stuck with something short (and probably more useful, ultimately). I just wanted to draw attention to a few password databases I put on my wiki. You can find them here.
First, the list included with John the Ripper. It’s small, at 24kb, and is designed to be mutated/permutated. It’s ordered by frequency, and the author has done a lot of research on common/weak passwords. There’s a direct link here, and due to its size it’s probably the best list for online cracking.
Next, the list included with Cain and Able. It’s significantly larger (3.3mb) and is targeted toward local cracking. The list I’ve uploaded it alphabetized, I’m not sure whether or not that’s true for the original. Direct link.
Several years ago, a list of phished MySpace accounts was publicly released. If you want the complete list (with emails (ie, usernames)), it was posted with the name “myspace1.txt.bz2″ and is pretty easy to find.
I removed the usernames from the list and ordered it by frequency. You can find that list here (if you want to know how many people used each password on the list, check here).
And finally, the story that reminded me to do this: the Top 500 Worst Passwords. This list is the smallest I have, but is supposedly the 500 most common passwords used today. It’s also ordered by frequency, and can be found here.
You might also find this useful, it’s a list of all words in the English language. Maybe not useful for cracking passwords, but if you’re writing a hangman solver (and the author likes using words like “mesoblaster”), it could be what you need.
When I’m doing bruteforcing and cracking, I always have trouble finding good lists of passwords. That’s why I created that page in the first place, and I hope it helps others.