Re: Password assessment methodology

[Mike S <mikeofmany () gmail com>]

Don't forget comparison checks of the hashes if there is anything in
the policy about not reusing passwords. Especially between different
accounts like admin level versus daily.



On Mon, Aug 6, 2012 at 5:35 AM, akshar kanak <akshar.kanak1 () gmail com> wrote:
> Hi
>   I am not an expert in pentesting , i am just giving my suggestion
> and i am not sure to waht extent it might be applicable .  you can try
> to crack the passwords using the tools like "ophcrack"  for windows
> and "john the ripper "  for linux to check for the strength of the
> password . An internal survey can be conducted to check  for the
> length of the password , special chars used  by the people while they
> are creating any password .
>
> you can request the people  to create dummy password and then you can
> try to break it .
> it will give you an insight into how people choose their password .
>
> thanks and regards
> Akshar
>
>
>
> On Mon, Aug 6, 2012 at 12:16 AM, Anwar Khan <anwarrhce () gmail com> wrote:
> > Dear All,
> >
> > Please help me on doing the password assessment in internal penetration testing.
> > how you should do the password quality assessment according issaf and osstm.
> >
> > I have read the document of issaf and osstm but the approach to do
> > that is missing in that.
> >
> > Please advice.
> >
> > Thanks in advance.
> >
> > Rgds,
> > Anwar
> >
> > ------------------------------------------------------------------------
> > Securing Apache Web Server with thawte Digital Certificate
> > In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> > how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> > purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> > set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> > certificates.
> >
> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> > ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------



-- 
Mike of Many Stories, Ideas, and Ramblings
Game Chef 2009, 2010
NaNoWriMo 2008, 2009

http://mikeofmanystories.blogspot.com/ - writings
http://mikeofmany.wordpress.com/ - personal bloggery

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------