Message-ID: <49013.128.173.192.90.1323694883.squirrel@webmail.tuffmail.net>
Date: Mon, 12 Dec 2011 08:01:23 -0500 (EST)
From: "Brad Tilley" <brad@...ystems.com>
To: john-users@...ts.openwall.com
Subject: Re: Password datasets with creation rules?

> Does anyone happen to know of any decent-sized, real-world leaked/attacked
> password datasets that are in the wild and employed password creation rules
> such as "must contain a number" or "minimum 8 characters"? Plaintext,
> hashed, or hashed/salted are all fine as long as I can make a guess against
> each entry and query for its existence in the database. I'm looking for
> full database releases, not just the cracked ones.
>
> All of the datasets I've found that have decent sample sizes (rockyou,
> gawker, phpbb, battlefield heroes beta) seem to have no creation rules
> enforced.
>
> Wesley

Wesley,

You work for (faculty/staff) or are a student at a higher ed? My advice
would be to get with your local IT Security/Audit Office and see if they
will allow you to work with them when they perform password audits. Start
by paying a visit to the school's ISO. This may require approvals from
administration, etc. but it's worth a shot as they'll have "real-world"
corporate-like password policies on the administrative systems.

Brad