You can use the milw0rm list of hashes.   Just pick the ones that it hasn't / didn't crack.   

http://www.milw0rm.com/cracker/list.php

Thanks Ketchup.

I was already aware of milw0rm but it doesn't really suit my requirements.

I want to try to optimise the speed of the cracking, I won't be trying (or able to be honest) to increase the success rate.
For my testing, I need real average type passwords. The passwords that milw0rm hasn't or didn't crack will be more unusual.
Also for similar reasons, I can't use the list of passwords that it has cracked because I want a statistically Normal representative of passwords.

Thanks hackly66, that is a useful site. I have also used the Crypt::PasswdMD5 perl module to create a fairly simple script that allows me to encrypt lists of passwords. However, for my testing I can't use my own passwords, I need real passwords.

 

Thanks Ketchup, but sorry, I can’t really do that. I think that I didn’t explain my request clearly in the original post.

Let me start (restart) by trying to explaining more about the project that I am trying to do.

My project is called - A Statistical Analysis of Password Composition – I decided to do this because I am slightly in awe of good statistics. They can be fascinating. One particularly interesting statistic is called Benford's Law http://www.intuitor.com/statistics/Benford%27s%20Law.html.  According to Benford’s Law, natural occurring numbers statistically begin with the lower order digits; 30% start with "1", 18% with "2" etc down to only 4.6% starting with 9. Rather than all the digits, 1-9, having an equal 11% chance of starting with these numbers. This seems counter-intuitive. This law has been used by tax authorities to easily discover dodgy accounts because if people are using made up numbers they tend to use as many numbers starting with a 9 as numbers starting with a one.

I decided to do an analysis of passwords to see if I could find any interesting statistical trends. To do this I got lists of cracked passwords from cracking sites such as milw0rm and gdataonline. I then had to manipulate the data a bit, for example, to filter out duplicate requests from the same person.
I now have some possible trends that I need to test to confirm that that they are correct. To do this I can’t use any of the data that I already have and I can’t make up the data. It might be OK for companies trying to sell fish oil pills to do this but I want to get good true results. For example, say I was trying to work out the odds of the result of a coin toss and I flipped a coin 6 times and I got six heads (it is possible). I could deduce that flipping a coin will always results in heads. Now if I want to test this theory, I need new data, if I use my existing data (the previous six heads results) I will confirm that it always results in heads...

So, what I was hoping to get from you guys was actual hashes that you encountered through your work as ethical hackers etc.

Thanks,
Ants

Will you publish your work once it is finished? Would be an interesting read.

Maybe you can download some wordlists and generate from them the hashes - shouldn't be hard to automate this process. Wordlists are widely available and should offer you enough passwords which are not in your list yet. If it is really that big you may consider wordlists from foreign languages for example - depending on your thesis are not focused on English words/ phrases/ passwords only.

Hey, thanks everybody for your input. I think that I should now be able to workout a way forward.

Thanks plan2000, I'll check out that Markovian filter, sounds interesting.

And yeah, I'll publish here in a month or two. I hope that it holds up to your expectations.

Ants,

I would look into the research of Matt Weir of FSU. Sounds right up your alley.

http://sites.google.com/site/reusablesec/
http://reusablesec.blogspot.com/

His talk at Defcon this year:

Last year he did a presentation on the using dictionary based rainbow tables to crack approx 15% more of the myspace.com hash list. If i remember correctly.