If I want to check passwords in my application for the inclusion of English words, should I store a database of English words locally (is there a free database?) or is there a (free) web service I can use to check them remotely?
Ideally I would check the words using an Ajax call but I don't want to pass the entire English dictionary by XML. I have a feeling network traffic could become a problem.
Any suggestions?
(Also, any Rails-specific suggestions?)
I would store them in a database/xml file on your web server, then use an Ajax Javascript call to a web service running on that same server. In ASP.NET this is easy to do; I'm not sure how involved this is when using rails...
/usr/share/dict/words contains a massive wordlist if you working on unix
Otherwise here is a ruby gem for something called wordnet which could easily solve your problem and probably include names of famous cities and people as well
You should google for 'password analysis' and check out some other common bad password patterns as well
Not sure what you're doing with the results, but you'll probably want to remove one (and maybe two) letter words from the list so you don't get too many hits that don't mean much.
If you use a web service you will introduce a delay, maybe some outage (if the service is unavailable). Your users will not like it. It is therefore more practical to check passwords against a local word list. However, your security requirements should be the most important factor in your decision.
You can use the algorithms/code/wordlist from this project: http://www.openwall.com/john/