Common Password Theory

Posted in Security on April 2nd, 2009 by Justin Case

For weeks now, I have been playing with the idea that the vast majority of people, roughly 80%, use a password from a pool of common passwords. I believe this pool to be around 500,000 words in length.

I have been reviewing leaked username/password lists and found that this theory is fairly accurate.

The result of my theory is the RealWorld Password Dictionary. This list is compiled from various leaked databases, and phished lists such as the larger MySpace.com Phish list, the singles.org leaked list, the phpBB.com hacked list and several other ones. If we could compile this list into a dictionary, we would have one of the best password recovery dictionaries in existence.
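The theory can be measured on a password set you are authorized to audit. The following is an added example, not code from the original post or the RealWorld project: it finds how many distinct passwords are needed to cover a target share of accounts and what share a given common-password pool covers. The function names, the sample accounts and the stand-in pool are all constructed for illustration.

```python
from collections import Counter


def pool_size_for_coverage(passwords, target=0.80):
    """Smallest number of distinct passwords, most common first, whose
    accounts together reach `target` of all accounts.
    Returns (pool_size, coverage_reached)."""
    counts = Counter(passwords)
    total = sum(counts.values())
    if total == 0:
        raise ValueError("empty password set")
    covered = 0
    for size, (_, n) in enumerate(counts.most_common(), start=1):
        covered += n
        if covered / total >= target:
            return size, covered / total
    # Only reached when target is above 1.0: the whole set is the pool.
    return len(counts), 1.0


def coverage_of_pool(passwords, pool):
    """Fraction of accounts whose password appears in `pool` (a set)."""
    if not passwords:
        raise ValueError("empty password set")
    hits = sum(1 for p in passwords if p in pool)
    return hits / len(passwords)


# Constructed sample: 20 accounts, not taken from any real list.
SAMPLE = (["123456"] * 6 + ["password"] * 4 + ["qwerty"] * 3 + ["letmein"] * 3
          + ["x9!Tq2#v", "Blue-Horse-41", "r7&Lm0pZ", "correct horse"])

# Constructed stand-in for a common-password pool.
POOL = {"123456", "password", "qwerty", "letmein", "monkey"}

if __name__ == "__main__":
    size, cov = pool_size_for_coverage(SAMPLE, 0.80)
    print(f"{size} distinct passwords cover {cov:.0%} of accounts")
    print(f"pool covers {coverage_of_pool(SAMPLE, POOL):.0%} of accounts")
```

The same pool lookup, applied when a user sets a password, rejects candidates that already appear in the common pool.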

We are currently soliciting more databases to review and add to our lists. All submissions are confidential, and we will not publish correlating usernames for these passwords. Submissions may be sent to jcase@mindhack.us.

The current release, version 1.2, may be downloaded here:

realworld_1_2.tar.gz
or
realworld_1_2.zip

This project is solely for educational purposes, and use of this list is only intended for password recovery on data/accounts that you own.