Dictionaries involved in this project include:
- Top 500 Worst Passwords of All Time (2005)
- Conficker worm embedded dictionary (2008)
- John the Ripper default dictionary (2011)
- Cain & Abel default dictionary (2005)
- phpBB.com database leak (2009)
- RockYou.com database leak (2009)
All dictionaries involved are available for download: dictionaries.zip (15.3MiB).
The results of our tests against each checker are also available here: checkers_dictionaries_results.7z (203MiB) including aggregated results that allow for the generation of password distribution graphs (updated to include results for the extended work in my thesis).
An illustration of Google checker's hysteresis phenomenon can be found in this video.
Scripts used to automate the tests: test-automation.zip.