PaulDotCom mailing list archives
Tools for password analysis
From: rgula at tenablesecurity.com (Ron Gula)
Date: Sat, 28 Nov 2009 18:43:53 -0500
Francois Lachance wrote:
I am currently doing a password audit for my employer. I am somewhat shocked at the success rate the Ophcrack LiveCD returns with the free small rainbow table in an AD network that has the complex password GPO setting turned on: 96% after 5:50 hrs. Now that I have all those juicy passwords, I would like to do some kind of analysis to make recommendations to management. My first recommendation will probably be to increase the minimum password length. I have two questions for the list: 1. What tools can I use to do that analysis? 2. Is there a way to force better complex password rules than what Microsoft provides in Windows 2003?
If you are using the Nessus ProfessionalFeed, it includes many different policies (CIS, FDCC, etc.) that include password auditing on various operating systems, and you can write your own too. I'm not surprised you were able to crack passwords this fast, but a quick audit of the systems in question would also tell you the age of the passwords, how often they are changed, and so on.
--
Ron Gula, CEO
Tenable Network Security
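One way to produce the kind of analysis asked about in the quoted question, as an added example that is not part of the original thread and not a Tenable or Nessus feature: it summarises passwords recovered in an authorized audit by length and shape, reporting aggregates only. The sample list, the function names and the three-of-four-classes approximation of the Windows complexity setting are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample standing in for passwords recovered during an audit.
SAMPLE = ["Summer09!", "Winter10!", "Password1", "Welcome1",
          "Hockey#12", "Qwerty123", "Montreal2009", "Go2bed"]

# Shape users commonly pick to satisfy a complexity rule:
# capitalised word, then digits, then optional symbols.
CAPITAL_WORD_DIGITS = re.compile(r"^[A-Z][a-z]+[0-9]+[^A-Za-z0-9]*$")

def mask(pw):
    """Reduce a password to its shape: U=upper, l=lower, d=digit, s=other."""
    def kind(c):
        if "A" <= c <= "Z":
            return "U"
        if "a" <= c <= "z":
            return "l"
        if "0" <= c <= "9":
            return "d"
        return "s"
    return "".join(kind(c) for c in pw)

def analyze(passwords, min_len=8):
    """Return aggregate statistics only; no plaintext leaves this function."""
    masks = [mask(p) for p in passwords]
    return {
        "total": len(passwords),
        "lengths": Counter(len(p) for p in passwords),
        "below_min_len": sum(len(p) < min_len for p in passwords),
        # Assumption: complexity approximated as 3 of 4 character classes;
        # the account-name check of the real policy is not modelled.
        "meets_complexity": sum(len(set(m)) >= 3 for m in masks),
        "capital_word_digits": sum(
            bool(CAPITAL_WORD_DIGITS.match(p)) for p in passwords),
        "top_masks": Counter(masks).most_common(3),
    }

def report(passwords, min_len=8):
    r = analyze(passwords, min_len)
    pct = lambda n: f"{n}/{r['total']} ({100 * n // r['total']}%)"
    lines = [f"pass complexity approximation: {pct(r['meets_complexity'])}",
             f"shorter than {min_len}: {pct(r['below_min_len'])}",
             f"capitalised word + digits: {pct(r['capital_word_digits'])}"]
    lines += [f"length {n}: {c}" for n, c in sorted(r["lengths"].items())]
    lines += [f"mask {m}: {c}" for m, c in r["top_masks"]]
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE))
```

On the constructed sample every password passes the complexity approximation while most share one predictable shape, which is the kind of figure that backs a recommendation on minimum length.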