RE: "Proactive" Password Checking

["Eric Toll" <etoll () syracusesupply com>]

Just read this password checking thread and a lot of you seem to say, some things which seem a bit strange to me.
  
A complex password does not have to be something like "$5dsdDe%AzW3q"  this is hard to crack and hard to remember.  
(users forgetting or writing it down) 

Now consider the password "maryhadalittlelamb"  hard to crack, easy to remember, not a problem for dictionary crackers. 
  Just tell users to put a few words _together_ for security, like their favorite song lyric or something.  

I felt obligated to tell you all this, because it felt like no person in the thread was aware or voiced this.



> > > "Kurt Buff" <kurtbuff () lightmail com> 11/05/99 07:35PM >>>
-----BEGIN PGP SIGNED MESSAGE-----

He may be talking about a tool from a company called Quackenbush:

http://www.l0pht.com/advisories/pwapprais.txt 

Given the analysis I've seen, I wouldn't get the Quackenbush
product/service, unless things have changed recently.

L0phtcrack is mentioned in this paper as well, but it's not a
password checker, it a password cracker, and a really good one. AFAIR
it doesn't do scheduled anything, but it's been a while since I've
played with it. Put it in your toolkit, though.

Kurt

| -----Original Message-----
| From: owner-firewall-wizards () lists nfr net 
| [mailto:owner-firewall-wizards () lists nfr net]On Behalf Of Jim 
| Raykowski
| Sent: Wednesday, November 03, 1999 6:20 AM
| To: Owner-Firewall-Wizards
| Subject: "Proactive" Password Checking
| 
| 
| Just got a strange request from the boss about password checking.
| Now do not get me wrong, when the boss says he wants to be more
| security conscience I get excited especially when he backs it up
| with money.  Now I need your all's help. 
|   He said that he read an article about a piece of software, that
| runs on NT, that automatically checks passwords every so often or
| however often you schedule it.  However, he can not remember where
| he saw the article or what the software is.  Do you all have any
| idea? TIA, Jim Raykowski        San Diego, CA jimrski () san rr com  
| MCSE, MCP. MCP + I  
| 
| 
|               / /  (_)__  __ ____  __
|              / /__/ / _ \/ // /\ \/ /
|             /____/_/_//_/\_,_/ /_/\_\
|    * * * THE CHOICE OF A GNU GENERATION * *
| 
| --------------------------------------------
|  Nothing is fool-proof to a talented fool.
| --------------------------------------------
| 
| "If I read while sitting the toilet am I multitasking?"
| 

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1

iQEVAwUBOCN35Xbbun6mUpkrAQHiDAgAwrmmVQRluo3uTY/CJ83Q7IHdGdmg08aB
cv1EYBdmLttPNVnccRsmy2B44EuGN/ZUUwGfJ/uztKVyBQJjHOqQ33lr+dBIkJ6F
dhgUc3YUj0LHX8TFH1hLKPMfSgAvmtGGtp+OcVSxYjX61+o8HRpXUdsba9Kzr6RS
bB2m2t127TuJ6AnoN16bOShezki9eRahHGPJQfZbM9Kae9lMOetE+lPmqJwWxgfJ
VpoxJek0P4JlYf/9Da+wPDYqrBYZUVOSVAcnbBnkcaMcGldFutMx8D3Q92aHQPl5
c9QyTJAA1xPDV80bb43a9PemRjIDSUL0dWHmp5fitocCL1c0mGTphg==
=V4sW
-----END PGP SIGNATURE-----