Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Password Cracking

From: "Teo Gomez" <tgomez () ubiquitelpcs com>
Date: Fri, 10 Sep 2004 14:23:17 -0400
Even enforcing complex passwords does not guarantee that passwords be
'strong.'  For example, October20,1977 is my birthday, and is a strong
password.  Try and get users to use pass phrases instead of passwords.
For example, My cat's hair is blue, is a complex pass phrase.

Teo

-----Original Message-----
From: Andrew Shore [mailto:andrew.shore () holistecs com] 
Sent: Wednesday, September 08, 2004 4:37 AM
To: Simon Zuckerbraun; security-basics () securityfocus com
Subject: RE: Password Cracking

Depending up on the servers strong passwords can be enforced.

NT4 SP4 and Win2k AD support this as do most Linux distributions.

That way you don't need to check the passwords.

-----Original Message-----
From: Simon Zuckerbraun [mailto:szucker () sst-pr-1 com] 
Sent: 05 September 2004 04:05
To: security-basics () securityfocus com
Subject: RE: Password Cracking

If I understand correctly, LC is capable of doing what you're asking.

Simon

-----Original Message-----
From: Eoin Fleming [mailto:rtfm () o2 ie]
Sent: Friday, August 27, 2004 4:44 PM
To: security-basics () securityfocus com
Subject: Password Cracking


Bit of an unusual one -

Lets imagine you are a security administrator at a company - strong 
passwords are enforced but you suspect that there may be exceptions and 
you want to raise management awareness of breaches of the password 
policy BUT you can't run cracking software as then you will know 
individuals passwords - which you don't want to know as this breaks 
acountability rather nicely.

In short - is there software that can perform the function of LC and 
John without giving the admin the password but rather rate the password 
against against a set criteria?


------------------------------------------------------------------------
---
Computer Forensics Training at the InfoSec Institute. All of our class
sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand
skills of
a certified computer examiner, learn to recover trace data left behind
by
fraud, theft, and cybercrime perpetrators. Discover the source of
computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------
----




------------------------------------------------------------------------
---
Computer Forensics Training at the InfoSec Institute. All of our class
sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand
skills of
a certified computer examiner, learn to recover trace data left behind
by
fraud, theft, and cybercrime perpetrators. Discover the source of
computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------
----




---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: