Educause Security Discussion mailing list archives
Re: Password Cracking & Consequences
From: Cal Frye <cjf () CALFRYE COM>
Date: Sat, 28 Aug 2004 14:42:19 -0400
Gary Flynn wrote:
Perhaps if we had initiated this discussion with the term "password strength testing" rather than "password cracking" it may have been received differently. Network vulnerability scanners include password strength testing along with their other tests. Those tests too, could be viewed as cracking tools rather than vulnerability tests.
I still see a distinction between "strength testing" that does NOT reveal the password under test, and "cracking" that returns a list that could be used by the system administrator. The point was made that the legal case can be weakened for all sorts of excused, but I never want to be one of those myself. --Cal Frye, Network Administrator, Oberlin College www.ouuf.org, www.calfrye.com Footnote: Not to pick on you Gary, but you make some good points I want to elaborate on... Gary Flynn wrote: > Michael Mills wrote: > >> Even if that IT user would delete that audit trail, that deletion >> would show up in the audit trail. > > That may be the intention but I don't know of > too many commercial operating systems and > applications that can protect an audit trail > from a privileged user. Netware does a pretty good job, if you install the full auditing package. The administrator winds up with no rights to the audit trail, including explicit denial of access rights. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Password Cracking & Consequences, (continued)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Scott Bradner (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Mike Austin (Aug 27)
- Re: Password Cracking & Consequences Davis, Thomas R. (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Cal Frye (Aug 28)
- Re: Password Cracking & Consequences Jere Retzer (Aug 28)
- Re: Password Cracking & Consequences Brian Eckman (Aug 29)
- Re: Password Cracking & Consequences Ron Parker (Aug 30)
- Re: Password Cracking & Consequences Wayne Wilson (Aug 30)
- Re: Password Cracking & Consequences Wayne Wilson (Aug 30)