A wordlist refers to a text file containing a set of words used in a dictionary attack. A dictionary attack is a process involving the use of every word in the dictionary as a possible password to open an encrypted message.
Wordlists were created because of the fact that most users choose very weak passwords. For instance, many users simply use the word “password” or “computer” as their system password. Systems make use of wordlists for a number of purposes. The most common functions of wordlists involve checking and auditing Unix or Windows passwords. Users can also recover lost passwords of folders and files through a wordlist. Common examples of these are passwords of compressed or zipped files.
Wordlists are also used to carry out a dictionary attack against systems allowing recurring log-in attempts. These systems include POP3 and SSH.
Users need to have one based on the number of target accounts they are dealing with to optimize the results of the wordlist. If users are working with a large number of target accounts, a smaller wordlist can increase the user’s chance to find the right password. A large wordlist is more useful when the user has a smaller number of target accounts or a single target account.
The World Wide Web is a good source of wordlists. There are numerous FTP links that let users download small and large wordlists. A number of encryption-related websites also offer a set of wordlists to its visitors.