Where can I find good dictionaries for dictionary attacks?
Nice list collected by Ron Bowes you can find here:
http://www.skullsecurity.org/wiki/index.php/Passwords.
Other list is from InsidePro:
https://web.archive.org/web/20120207113205/http://www.insidepro.com/eng/download.shtml.
An important one that hasn't been added to the list is the crackstation wordlist
The list contains every wordlist, dictionary, and password database leak that I could find on the internet (and I spent a LOT of time looking). It also contains every word in the Wikipedia databases (pages-articles, retrieved 2010, all languages) as well as lots of books from Project Gutenberg. It also includes the passwords from some low-profile database breaches that were being sold in the underground years ago.
Best thing is, its free, although you can (and should!) make a donation!
Some additional ones to add to those already suggested
- ftp://ftp.ox.ac.uk/pub/wordlists/ - Lists by language, may be an important point depending on the locations of the users...
- http://www.openwall.com/passwords/wordlists/ - The openwall project lists.
- While not strictly a dictionary site (although it does have some) http://sites.google.com/site/reusablesec/Home/presentations-and-papers has some good presentations on improving the performance of password crackers in general and john the ripper in particular