Penetration Testing mailing list archives
RE: Password Auditing
From: "Ken Kousky" <kkousky () ip3inc com>
Date: Sat, 5 May 2007 08:04:56 -0400
Isn't a weak password any password that your users don't know? That is, if it's something you give them with lots of strange characters, it's NOT something they know, making it a WEAK password. IT security people still have this completely backwards. All the garbage about password auditors assure you of a password that your users don't know, forcing them to write it down and creating a WEAKER system than if you did nothing.

Please stop breaking the authentication model and work on second factors, leaving one factor, as simple as a PIN, as a factor your users know!

KWK

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Manuel Arostegui Ramirez
Sent: Friday, May 04, 2007 4:39 PM
To: pen-test () securityfocus com
Subject: Re: Password Auditing

On Friday, 4 May 2007 19:50, Mike Gibson wrote:
> Can anyone recommend a good password auditing tool? Basically I want to identify weak passwords on my servers (Windows, Linux, Unix). Ideally this would be done by a tool that could remotely fetch the local password database and then attempt to brute force the passwords and prepare a report in a central location. Any suggestions?
Try Babel Enterprise: http://babel.sf.net

--
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------
Current thread:
- Password Auditing Mike Gibson (May 04)
- RE: Password Auditing Beauchamp, Brian (May 04)
- RE: Password Auditing John Babio (May 04)
- Re: Password Auditing Manuel Arostegui Ramirez (May 04)
- RE: Password Auditing Ken Kousky (May 05)
- Re: Password Auditing kevin (May 04)
- Re: Password Auditing Nico Golde (May 04)
- Re: Password Auditing crazy frog crazy frog (May 06)
- Re: Password Auditing rajat swarup (May 07)
- Re: Password Auditing Christine Kronberg (May 07)
- <Possible follow-ups>
- RE: Password Auditing Brungardt, Jill (May 04)
- Re: Password Auditing kevin.horvath (May 07)