Educause Security Discussion mailing list archives
Re: Passwords & Passphrases
From: Zach Jansen <zjanse20 () CALVIN EDU>
Date: Tue, 20 Nov 2007 13:54:18 -0500
On 11/19/2007 at 3:01 PM, in message <4741EBAD.2010903 () albany edu>, Martin Manjak <mm376 () ALBANY EDU> wrote:

> This is a tangential topic, but I was wondering if anyone on the list was familiar with brute force tools that would work against web forms. My concern is that without some kind of lockout policy, an account with an 8-character password would be vulnerable to a brute force attack.

You may want to look at Brutus or THC Hydra if you want to run password guessing attacks against login forms. However, I agree with Gary Flynn's response that this tactic isn't really very useful except to audit against really basic dictionary-based passwords or default passwords because of the time involved with a large number of attempts.

Zach

--
Zach Jansen
Information Security Officer
Calvin College
Phone: 616.526.6776
Fax: 616.526.8550