Re: Password Cracking & Consequences

[Michael Mills <mmills () RKON COM>]

Lol....

No wonder there are so many problems!!!!!!!!!


Mike

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Flynn
Sent: Friday, August 27, 2004 2:38 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Cracking & Consequences

Michael Mills wrote:


> To not lose my main point, IT staff knowingly cracking passwords is not a
> good practice.  It is also not part of any recommended "Best Practices".

Whose best practices? ;)

http://www.cert.org/tech_tips/usc20_full.html#5.0
http://www.cert.org/tech_tips/passwd_file_protection.html
http://csrc.ncsl.nist.gov/publications/drafts/security-testing.pdf
http://www.itsc.state.md.us/oldsite/info/InternetSecurity/BestPractices/Auth
entic.htm
http://www.more.net/security/best/unix10.html


Perhaps if we had initiated this discussion with the
term "password strength testing" rather than
"password cracking" it may have been received differently.
Network vulnerability scanners include password
strength testing along with their other tests. Those tests
too, could be viewed as cracking tools rather than
vulnerability tests.

--
Gary Flynn
Security Engineer
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

This email and any files transmitted with it are confidential and intended solely for the use of the individual or 
entity to whom they are addressed. If you have received this email in error please notify the system manager. This 
message contains confidential information and is intended only for the individual named. If you are not the named 
addressee you should not disseminate, distribute or copy this e-mail.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.