Security Basics mailing list archives
Re: Password assessment methodology
From: Mike S <mikeofmany () gmail com>
Date: Mon, 6 Aug 2012 07:58:34 -0700
Don't forget comparison checks of the hashes if there is anything in the policy about not reusing passwords. Especially between different accounts like admin level versus daily. On Mon, Aug 6, 2012 at 5:35 AM, akshar kanak <akshar.kanak1 () gmail com> wrote:
Hi I am not an expert in pentesting , i am just giving my suggestion and i am not sure to waht extent it might be applicable . you can try to crack the passwords using the tools like "ophcrack" for windows and "john the ripper " for linux to check for the strength of the password . An internal survey can be conducted to check for the length of the password , special chars used by the people while they are creating any password . you can request the people to create dummy password and then you can try to break it . it will give you an insight into how people choose their password . thanks and regards Akshar On Mon, Aug 6, 2012 at 12:16 AM, Anwar Khan <anwarrhce () gmail com> wrote:Dear All, Please help me on doing the password assessment in internal penetration testing. how you should do the password quality assessment according issaf and osstm. I have read the document of issaf and osstm but the approach to do that is missing in that. Please advice. Thanks in advance. Rgds, Anwar ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
-- Mike of Many Stories, Ideas, and Ramblings Game Chef 2009, 2010 NaNoWriMo 2008, 2009 http://mikeofmanystories.blogspot.com/ - writings http://mikeofmany.wordpress.com/ - personal bloggery ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Password assessment methodology Anwar Khan (Aug 06)
- Re: Password assessment methodology akshar kanak (Aug 06)
- Re: Password assessment methodology Mike S (Aug 06)
- Re: Password assessment methodology Anwar Khan (Aug 10)
- Re: Password assessment methodology TAS (Aug 13)
- Re: Password assessment methodology Mike S (Aug 06)
- Re: Password assessment methodology akshar kanak (Aug 06)