Educause Security Discussion mailing list archives
Re: Password policy publication
From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Tue, 28 Oct 2008 09:32:10 -0500
At 09:26 AM 10/28/2008, Shalla, Kevin put fingers to keyboard and wrote:
Doesn't this require stealing the password file, so that you can run the brute-force attack? Or are we protecting from sysadmins who already have access to the password file?
Not really...I've seen brute force attempts many times in my logs. You just try common passwords, and hope for the best. -- Roger A. Safian r-safian () northwestern edu (email) public key available on many key servers. (847) 491-4058 (voice) (847) 467-6500 (Fax) "You're never too old to have a great childhood!"
Current thread:
- Password policy publication Geoff Nathan (Oct 25)
- <Possible follow-ups>
- Re: Password policy publication Roger Safian (Oct 27)
- Re: Password policy publication Allison Dolan (Oct 27)
- Re: Password policy publication Valdis Kletnieks (Oct 27)
- Re: Password policy publication Shalla, Kevin (Oct 28)
- Re: Password policy publication Adam Nave (Oct 28)
- Re: Password policy publication Roger Safian (Oct 28)
- Re: Password policy publication Shalla, Kevin (Oct 28)
- Re: Password policy publication Valdis Kletnieks (Oct 28)
- Re: Password policy publication Steven Alexander (Oct 28)
- Re: Password policy publication Roger Safian (Oct 28)
- Re: Password policy publication Matthew Gracie (Oct 29)