OWASP Secure Password Project

Main
This project will take a two-pronged approach designed to put more nails in the coffin of the single-factor method of authentication. First, we will create an interactive portal where penetration testers can enter known information about the target. This known information can then be broken down and converted to create a large downloadable dictionary list that has been customized to the target. This list will be added to a comprehensive standard dictionary, with the same character conversions performed on that as well. The result would be a large list of commonly used passwords, dictionary words, target-specific passwords, and various derivatives of each, which should cover the vast majority of passwords used today.

The second prong of our approach will be to capture the results of all data collected into a large database. This data will be hashed with common hashing methods to create what will become the world's largest rainbow tables. A user can provide us with a hash and we can do a lookup against these tables to search for matching entries. The goal here is to put a stop to unsalted password hashes for authentication.
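The contrast behind that goal, as an added example that is not code from the project: a table precomputed once from a word list recovers any unsalted hash of those words, while a per-user salt with a slow key-derivation function makes the same table useless. The word list is constructed sample data, a plain dictionary lookup stands in for the project's tables, and the function names and PBKDF2 iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample words standing in for a dictionary list.
SAMPLE_WORDS = ["password", "letmein", "dragon", "P@ssw0rd"]
PBKDF2_ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def build_lookup(words, algorithms=("sha1", "sha256")):
    """Precompute digest -> plaintext once; reusable against any unsalted hash."""
    return {
        hashlib.new(alg, w.encode()).hexdigest(): w
        for w in words
        for alg in algorithms
    }


def hash_unsalted(password):
    """Weak storage: identical passwords always give the identical digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password, salt=None):
    """Stronger storage: random per-user salt plus a slow key-derivation function."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_salted(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_salted(password, salt)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    table = build_lookup(SAMPLE_WORDS)
    print("unsalted lookup:", table.get(hash_unsalted("P@ssw0rd")))
    salt_a, rec_a = hash_salted("P@ssw0rd")
    salt_b, rec_b = hash_salted("P@ssw0rd")
    print("salted lookup:", table.get(rec_a.hex()))
    print("same password, same record?", rec_a == rec_b)
    print("verifies:", verify_salted("P@ssw0rd", salt_a, rec_a))
```

Because the salt is stored beside each record, a precomputed table would have to be rebuilt per user, which removes the advantage of precomputation.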

We likely have one final, non-technical objective here, which is to educate end-users on the proper creation of passwords. Maybe we will even have some sort of password generator based on a phrase that somebody types in. If you are interested in contributing to the project, please contact the Project Leader, Josh Sokol, at josh dot sokol at owasp dot org.