diff --git a/lib/core/settings.py b/lib/core/settings.py
index 8dc45e1dd..9a8af364c 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -182,5 +182,8 @@ ERROR_PARSING_REGEXES = (
META_CHARSET_REGEX = r']+charset=(?P[^">]+)'
+# Reference: http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf
+COMMON_PASSWORD_SUFFIXES = ["1", "123", "2", "12", "3", "13", "7", "11", "5", "22", "23", "01", "4", "07", "21", "14", "10", "06", "08", "8", "15", "69", "16", "6", "18"]
+
# Reference: http://www.the-interweb.com/serendipity/index.php?/archives/94-A-brief-analysis-of-40,000-leaked-MySpace-passwords.html
-COMMON_PASSWORD_SUFFIXES = ["", "1", "2", "123", "12", "3", "7", "07", "11", "4", "5", "!", ".", "*", "!!", "?", ";", "..", "!!!", ",", "@"]
+COMMON_PASSWORD_SUFFIXES += ["!", ".", "*", "!!", "?", ";", "..", "!!!", ",", "@"]
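Review bot: COMMON_PASSWORD_SUFFIXES no longer contains the empty suffix, so the unmodified dictionary word is only tried because dictionaryAttack in lib/utils/hash.py seeds `suffix_list = [""]` before extending it, and nothing in settings.py records that dependency. A comment above the first assignment, such as `# NOTE: the empty suffix (bare word) is added by the caller, not listed here`, would stop another consumer of the constant from silently skipping the bare word. Whether other consumers exist is not visible in this diff. As a style point, the constant is a module-level list assembled with `+=` across two statements, while the neighbouring ERROR_PARSING_REGEXES is opened as a tuple. Since the hash.py hunk now extends a local list instead of aliasing the constant, an immutable tuple would also work there and would guard against accidental mutation.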
diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index 00c652167..a6d039fc4 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -342,7 +342,7 @@ def dictionaryAttack(attack_dict):
suffix_list = [""]
if test[0] in ("y", "Y"):
- suffix_list = COMMON_PASSWORD_SUFFIXES
+ suffix_list += COMMON_PASSWORD_SUFFIXES
infoMsg = "starting dictionary attack (%s)" % __functions__[hash_regex].func_name
logger.info(infoMsg)