Educause Security Discussion mailing list archives
Re: Password Cracking & Consequences
From: Michael Mills <mmills () RKON COM>
Date: Fri, 27 Aug 2004 15:26:30 -0500
Lol.... No wonder there are so many problems!!!!!!!!! Mike -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Flynn Sent: Friday, August 27, 2004 2:38 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Password Cracking & Consequences Michael Mills wrote:
To not lose my main point, IT staff knowingly cracking passwords is not a good practice. It is also not part of any recommended "Best Practices".
Whose best practices? ;) http://www.cert.org/tech_tips/usc20_full.html#5.0 http://www.cert.org/tech_tips/passwd_file_protection.html http://csrc.ncsl.nist.gov/publications/drafts/security-testing.pdf http://www.itsc.state.md.us/oldsite/info/InternetSecurity/BestPractices/Auth entic.htm http://www.more.net/security/best/unix10.html Perhaps if we had initiated this discussion with the term "password strength testing" rather than "password cracking" it may have been received differently. Network vulnerability scanners include password strength testing along with their other tests. Those tests too, could be viewed as cracking tools rather than vulnerability tests. -- Gary Flynn Security Engineer James Madison University ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Password Cracking & Consequences, (continued)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Scott Bradner (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Mike Austin (Aug 27)
- Re: Password Cracking & Consequences Davis, Thomas R. (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Cal Frye (Aug 28)
- Re: Password Cracking & Consequences Jere Retzer (Aug 28)
- Re: Password Cracking & Consequences Brian Eckman (Aug 29)
- Re: Password Cracking & Consequences Ron Parker (Aug 30)
- Re: Password Cracking & Consequences Wayne Wilson (Aug 30)
- Re: Password Cracking & Consequences Wayne Wilson (Aug 30)