|
Message-ID: <20120317021820.GA15275@openwall.com> Date: Sat, 17 Mar 2012 06:18:20 +0400 From: Solar Designer <solar@...nwall.com> To: announce@...ts.openwall.com Cc: john-users@...ts.openwall.com Subject: pwgen common password lists Hi, The Openwall wordlists collection (paid, full) now comes with a bonus - two lists of passwords commonly generated by pwgen 2.06 with default settings for output to a tty and non-tty. These contain 44 and 45.5 million entries and they crack 21% and 75% of passwords of the corresponding kind - for tty and non-tty, respectively. pwgen is a fairly popular command-line password generator program for Unix systems. It is part e.g. of Debian and Ubuntu. The unfortunate property of pwgen that made this possible (non-uniform distribution and small keyspace of its generated passwords) was discussed on oss-security and Bugtraq in January: http://www.openwall.com/lists/oss-security/2012/01/22/6 and on john-users in 2010. Part of the problem (small keyspace, but not non-uniform distribution) was publicly known since 2004 (if not earlier): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276976 (The fix was to document the problem...) Our wordlists with the pwgen bonus may be purchased here: http://www.openwall.com/wordlists/ Those of you who would rather not support us may obtain almost all of the same wordlists (but not the pwgen bonus yet) from /pub/wordlists in our file archive and its mirrors: http://download.openwall.net http://www.openwall.com/mirrors/ And indeed anyone (with some shell scripting skills or the like) can generate similar pwgen lists in a couple of days, which actually makes me more comfortable about using ours as a way to encourage people and companies to support our project financially. ;-) Speaking of alternatives to pwgen, our own pwqgen (from our passwdqc package) has been tested for (lack of) a similar issue: http://www.openwall.com/lists/passwdqc-users/2012/01/27/1 http://www.openwall.com/passwdqc/ Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.