RE: "Proactive" Password Checking

["Moore, James" <James.Moore () MSFC NASA GOV>]

Well, this is probably getting way off-topic, but...

Implementation of MS' sample code is apparently not straightforward. Based
on some material that turned up in the Google search engine for
"passfilt.dll", there may be some interactions between passfilt.dll and some
of NT's "system internals" that require a fair amount of savvy to handle. I
plan on looking into this a little further (when I can find the time); if
anyone's interested they can mail me direct.

I'm not sure I fully understand Alan's point wrt L0phtcrack etc., but I
don't believe password crackers obviate the utility of a tool such as
passfilt.dll.

Jim Moore
256.461.4381

----------- PGP PUBLIC KEY FINGERPRINT ------------
1D9C 3AC3 34E6 EEDF 22B9  7886 7797 6908 048F 049B
---------------------------------------------------


> -----Original Message-----
> From: Alan Ramsbottom [SMTP:ACR () als co uk]
> Sent: Tuesday, November 09, 1999 12:44 PM
> To:   'Moore, James'; firewall-wizards () lists nfr net
> Subject:      RE: "Proactive" Password Checking
>
> > > Is there a published API for developing such a .dll?
>
> There is sample code at:
>
>   http://support.microsoft.com/support/kb/articles/Q151/0/82.ASP 
>
> Bear in mind that you can't afford to spend the 5 (or 50 or 500 or..) mins
> that it might take Crack, John the Ripper, L0phtcrack et al to find a
> password. If anyone's worried enough to write custom password filters then
> they should probably run offline password crackers on a regular basis.
>
> -Alan-