WayneS (10/6/2012)
Hi Phil, I'm curious as to the source of the password list that you utilize. Is it something that you can share a link with?
1) Be careful looking -
1a) Never download anything except a text file or a compressed file
2b) Virus scan everything first
2c1) Download using a LiveCD without a hard drive
2c2) Download using a LiveCD with a hard drive unmounted
2c2.5) Download using a disposable installation (install, download, wipe with DBAN or another DoD wiper) - credit to GSquared
2c3) Download using a VM
2c4) Only go to known reasonable sites
2) Public domain dictionaries (1913 Webster edition, etc.) are available.
3) Name lists are available from the U.S. Census .gov site http://www.census.gov/genealogy/www/data/1990surnames/names_files.html
4) As Gail said, crossword lists
4a) English Open Word List
4b) UK Advanced Cryptics Dictionary (UKACD)
5) Linux distribution wordlists - watch for copyright and licensing, not all are licensed under GPL
5a) dictionary-common wordlists
5b) aspell wordlists (the U.S. one is under copyright, so find and read the license first)
5b1) Shell script: aspell -l $1 dump master | aspell -l $1 expand | tr ' ' '\n' >$1.txt
5b1i) replace $1 with the language you want to get.
6) Known cracking wordlists from reputable sources (usually cracking competition teams or security vendors)
6a) Go to any of these at YOUR OWN RISK - see 2b and 2c1.
6b) Skullsecurity
6c) Openwall
6d) Korelogic
6e) Facebook breach list
6f) phpbb breach list (very small, very good for the size)
7) Your own additions for whatever industry and company you're in or deal with, or people involved. People _love_ to have company information, personal information, etc. in their passwords, from names to cars to kids.
7a) Be clever, think up some way of using the company name that's just so clever. Try it. Repeat until you crack at least one password.
7a1) If you've got more than 50 ordinary human-generated passwords and you haven't cracked one in at least 50 tries, get someone else to try generating words and case variations. Someone more normal :).
8) Use a tally table to generate lists of dates in various formats, the last 100 and next 50 years, etc. to add to words if you really insist on using PWDCOMPARE instead of a rules-based cracker; Jennifer2007 is not as uncommon a password for people with 5-year-old daughters as you might think.
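
The word-plus-date pattern from point 8, turned into a check that can run when a password is set. This is an added example, not code from the post: the function names, the three-word sample list and the accepted date layouts are assumptions, and it tests the suffix directly rather than building the dates with a tally table.

```python
import re
from datetime import date

SAMPLE_WORDS = {"jennifer", "mustang", "summer"}  # constructed sample list

def _is_date(y, m, d, years):
    """True if y is inside the window and y-m-d is a real calendar date."""
    if y not in years:
        return False
    try:
        date(y, m, d)
        return True
    except ValueError:
        return False

def looks_like_date(digits, today_year, back=100, ahead=50):
    """Match YYYY, MMYYYY, YYYYMM, MMDDYYYY, DDMMYYYY or YYYYMMDD,
    limited to the last `back` and next `ahead` years."""
    years = range(today_year - back, today_year + ahead + 1)
    i = int
    if len(digits) == 4:
        return _is_date(i(digits), 1, 1, years)
    if len(digits) == 6:
        return (_is_date(i(digits[2:]), i(digits[:2]), 1, years)
                or _is_date(i(digits[:4]), i(digits[4:]), 1, years))
    if len(digits) == 8:
        a, b, y = i(digits[:2]), i(digits[2:4]), i(digits[4:])
        return (_is_date(y, a, b, years) or _is_date(y, b, a, years)
                or _is_date(i(digits[:4]), i(digits[4:6]), i(digits[6:]), years))
    return False

# Stem, then a trailing run of digits that may contain / . _ - separators.
_SUFFIX = re.compile(r"^(.*?)([0-9][0-9/._-]*)$")

def word_plus_date(password, words, today_year):
    """Return the matched dictionary word if password is <word><date>, else None."""
    m = _SUFFIX.match(password)
    if not m:
        return None
    stem = m.group(1).strip(" /._-").lower()
    digits = re.sub(r"[^0-9]", "", m.group(2))
    if stem in words and looks_like_date(digits, today_year):
        return stem
    return None
```

Load `words` from the name and dictionary lists named in points 2 to 5 and reject any new password for which `word_plus_date` returns a match.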