Educause Security Discussion mailing list archives
Re: Password strength
From: Joseph Tam <tam () MATH UBC CA>
Date: Thu, 26 Oct 2017 23:13:17 -0700
On Thu, 26 Oct 2017, Dale Lee wrote:
The only way that I know to audit password strength is to reverse/crack the password.
Well, you could intercept the password in any of your authenicated system, then test it, recording users that failed that test. It's a lot easier to assess strength when you have the password than to reverse engineer it. (Of course, this won't work for inactive accounts.) I used the interception technique to convert passwords to stronger hashes. Joseph Tam <tam () math ubc ca>
Current thread:
- Password strength WALTER KERNER (Oct 26)
- Re: Password strength Mccormick, Kevin (Oct 26)
- Re: Password strength Dale Lee (Oct 26)
- Re: Password strength Valdis Kletnieks (Oct 26)
- Re: Password strength Taylor Randle (Oct 26)
- Re: Password strength Dale Lee (Oct 26)
- <Possible follow-ups>
- Re: Password strength Rich Graves (Oct 26)
- Re: Password strength Joseph Tam (Oct 26)
- Re: Password strength Mccormick, Kevin (Oct 26)