Educause Security Discussion mailing list archives
Re: Password Cracking & Consequences
From: Gary Flynn <flynngn () JMU EDU>
Date: Fri, 27 Aug 2004 15:38:16 -0400
Michael Mills wrote:
To not lose my main point, IT staff knowingly cracking passwords is not a good practice. It is also not part of any recommended "Best Practices".
Whose best practices? ;) http://www.cert.org/tech_tips/usc20_full.html#5.0 http://www.cert.org/tech_tips/passwd_file_protection.html http://csrc.ncsl.nist.gov/publications/drafts/security-testing.pdf http://www.itsc.state.md.us/oldsite/info/InternetSecurity/BestPractices/Authentic.htm http://www.more.net/security/best/unix10.html Perhaps if we had initiated this discussion with the term "password strength testing" rather than "password cracking" it may have been received differently. Network vulnerability scanners include password strength testing along with their other tests. Those tests too, could be viewed as cracking tools rather than vulnerability tests. -- Gary Flynn Security Engineer James Madison University ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Password Cracking & Consequences, (continued)
- Re: Password Cracking & Consequences Scott Bradner (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Scott Bradner (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Mike Austin (Aug 27)
- Re: Password Cracking & Consequences Davis, Thomas R. (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Cal Frye (Aug 28)
- Re: Password Cracking & Consequences Jere Retzer (Aug 28)
- Re: Password Cracking & Consequences Brian Eckman (Aug 29)
- Re: Password Cracking & Consequences Ron Parker (Aug 30)
- Re: Password Cracking & Consequences Wayne Wilson (Aug 30)
- Re: Password Cracking & Consequences Wayne Wilson (Aug 30)