Educause Security Discussion mailing list archives

Re: Password Cracking & Consequences


From: Gary Flynn <flynngn () JMU EDU>
Date: Fri, 27 Aug 2004 15:38:16 -0400

Michael Mills wrote:

> To not lose my main point, IT staff knowingly cracking passwords is not a
> good practice.  It is also not part of any recommended "Best Practices".

Whose best practices? ;)

http://www.cert.org/tech_tips/usc20_full.html#5.0
http://www.cert.org/tech_tips/passwd_file_protection.html
http://csrc.ncsl.nist.gov/publications/drafts/security-testing.pdf
http://www.itsc.state.md.us/oldsite/info/InternetSecurity/BestPractices/Authentic.htm
http://www.more.net/security/best/unix10.html


Perhaps if we had initiated this discussion with the
term "password strength testing" rather than
"password cracking" it may have been received differently.
Network vulnerability scanners include password
strength testing along with their other tests. Those tests,
too, could be viewed as cracking tools rather than
vulnerability tests.

--
Gary Flynn
Security Engineer
James Madison University
