Password dictionaries

Greetings from 2009!

I have a real post planned for the near future, but for now you're stuck with something short (and probably more useful, ultimately). I just wanted to draw attention to a few password databases I put on my wiki. You can find them here.

First, the list included with John the Ripper. It's small, at 24kb, and is designed to be mutated/permutated. It's ordered by frequency, and the author has done a lot of research on common/weak passwords. There's a direct link here, and due to its size it's probably the best list for online cracking.

Next, the list included with Cain and Able. It's significantly larger (3.3mb) and is targeted toward local cracking. The list I've uploaded it alphabetized, I'm not sure whether or not that's true for the original. Direct link.

Several years ago, a list of phished MySpace accounts was publicly released. If you want the complete list (with emails (ie, usernames)), it was posted with the name "myspace1.txt.bz2" and is pretty easy to find.
I removed the usernames from the list and ordered it by frequency. You can find that list here (if you want to know how many people used each password on the list, check here).

And finally, the story that reminded me to do this: the Top 500 Worst Passwords. This list is the smallest I have, but is supposedly the 500 most common passwords used today. It's also ordered by frequency, and can be found here.

You might also find this useful, it's a list of all words in the English language. Maybe not useful for cracking passwords, but if you're writing a hangman solver (and the author likes using words like "mesoblaster"), it could be what you need.

When I'm doing bruteforcing and cracking, I always have trouble finding good lists of passwords. That's why I created that page in the first place, and I hope it helps others.

2 thoughts on “Password dictionaries

  1. Reply

    Andrew

    Nice collection you have going there!

    This reminds me, I was combing through my “backup” directories the other day looking for things to delete when I came across the dictionary I used when making my Jumble Solvr iPhone app. I had assembled it from several supposed English dictionary text files, removed duplicates and words with spaces, and sorted alphamagically. It came in at around 277k words, and I’ve thrown it up at http://andreworr.ca/what/dict-jumblesolvr.txt.zip if anyone is interested.

    English.txt only has 104k words, I don't know if that's better or worse than mine, I guess it depends on the usage :P.

    Cheers!

  2. Reply

    Ron Post author

    Cool, I've added your dictionary to the Wiki page!

Leave a Reply

Your email address will not be published.