Educause Security Discussion mailing list archives
Re: Password Cracking & Consequences
From: "Davis, Thomas R." <tdavis () IU EDU>
Date: Fri, 27 Aug 2004 14:05:40 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Michael Mills Sent: Friday, August 27, 2004 1:22 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Password Cracking & Consequences
IT staff knowingly cracking passwords is not a good practice.
I hesitate to respond because this thread could go on for days, but here I go! ;-) Whether or not password cracking by the good guys is a good practice will vary based on circumstances IMHO. For example, if you don't have password expiration set for your accounts (that's another can of worms), it might be nice to take a look at those stale passwords. What constitutes a good password changes over time. This topic is akin to the debate over ethical hacking. - -- Tom Davis, Information Technology Security Officer, CISSP, CISM Office of the VP for Information Technology, Indiana University PGP key or S/MIME certificate: https://www.itso.iu.edu/staff/tdavis/ -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQS+F5XMQ7XQGtBENEQJbwgCghJ6nJtMX/KotaoUuXCaYWD9es3cAn0yS fXtLnHw+/+mg96I7cUf4ag77 =pcj0 -----END PGP SIGNATURE----- ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Password Cracking & Consequences, (continued)
- Re: Password Cracking & Consequences Justin Azoff (Aug 27)
- Re: Password Cracking & Consequences Scott Bradner (Aug 27)
- Re: Password Cracking & Consequences Scott Bradner (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Scott Bradner (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Mike Austin (Aug 27)
- Re: Password Cracking & Consequences Davis, Thomas R. (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Cal Frye (Aug 28)
- Re: Password Cracking & Consequences Jere Retzer (Aug 28)
- Re: Password Cracking & Consequences Brian Eckman (Aug 29)
- Re: Password Cracking & Consequences Ron Parker (Aug 30)
- Re: Password Cracking & Consequences Wayne Wilson (Aug 30)
- Re: Password Cracking & Consequences Wayne Wilson (Aug 30)