a selection of word lists sorted by frequency

All word lists were generated from a huge multi-billion sample of language called a corpus which ensures all topics and text types are covered and the word list reflects how words are used by real users. The word lists include the most common and frequently used words, most frequently used nouns, verbs, adjectives and prepositions and some additional word lists.

Word Lists for Scholars Going to the USA for Study

5000 Word Book

Large English Vocabulary Word Lists

These are lists of basic vocabulary compiled by various people with the aim of selecting words worth learning for various levels.

• VOA Special English Word List (1510 Words)
• Nolls' Top 3,000 American English Words
• etc

Stuart Schechter writes about the security risks of using a password manager. It's a good piece, and nicely discusses the trade-offs around password managers: which one to choose, which passwords to store in it, and so on.

My own Password Safe is mentioned. My particular choices about security and risk is to only store passwords on my computer -- not on my phone -- and not to put anything in the cloud. In my way of thinking, that reduces the risks of a password manager considerably. Yes, there are losses in convenience.

password manager

All passwords are first hashed before being stored. A hash is a one way mathematical function that transforms an input into an output. It has the property that the same input will always result in the same output. Modern hashing algorithms are very difficult to break, so one feasible way to discover a password is to perform a brute force attack on the hash.

There are a few factors used to compute how long a given password will take to brute force. To compute the time it will take, you must know the length of the password, the character set used, and how many hashes can be checked every second.

On a modern computer (8 core, 2.8 GHz) using the SHA512 hashing algorithm, it takes about 0.0017 milliseconds to compute a hash. This translates to about 1.7*10^-6 seconds per password, or 588235 passwords per second. Although we will not use the metric in this article, it is important to note that a GPU, or 3D card, can calculate hashes at a speed 50-100 times greater than a computer. For the purposes of this KB article, we will calculate how long given passwords can be cracked using a single modern computer. We also calculate how long they can be cracked using a supercomputer, which is approximately equivalent to a botnet with 100000 computers. Modern supercomputers can be up to 150000 faster than their desktop counterparts and a 100000 computer botnet is feasible; the largest botnet to date is estimated to have 12 million computers. We also assume that on average, the password will be cracked when half of the possible passwords are checked.

To demonstrate the importance of password complexity, let's start with a pincode password such as "123456789". In this case, the character set (0123456789) consists of 10 characters. For a 9 digit password using this character set, there are 10^9 possible password combinations. Therefore, it will take (1.710^-6 10^9) seconds / 2, or 14.17 minutes, to break this password on average. On a supercomputer or botnet, we divide this by 100000, so it would take 0.0085 seconds to break a password. //

o, even if you use a very secure set of characters, your password should be at least 10 characters long. To break a 10 character password that uses letters, numbers, and symbols, such as "%ZBGbv]8g?", it would take (1.710^-6 80^10) seconds / 2 or 289217 years. This would take about 3 years on a supercomputer or botnet.