Date:      23 Dec 2002 23:05:07 +0000
From:      Stacey Roberts <stacey@vickiandstacey.com>
To:        Stephen Hovey <shovey@buffnet.net>
Cc:        paul beard <paulbeard@mac.com>, FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re: L0phtcrack
Message-ID:  <1040684706.58381.120.camel@localhost>
In-Reply-To: <Pine.BSF.4.05.10212231756590.2344-100000@buffnet11.buffnet.net>
References:  <Pine.BSF.4.05.10212231756590.2344-100000@buffnet11.buffnet.net>

On Mon, 2002-12-23 at 22:57, Stephen Hovey wrote:
> I've used such utilities in the past..
> 

Same here. Various border-penetration tools and passwd crackers that run
fortnightly are used by my team at work. I don't disagree with their
existence, nor stated terms of usage.

The poster has already answered the follow-up question in my original
reply, which was very good of him.

Regards,

Stacey


> Basically, the only way a legit admin can secure things is if they have
> access to the same tech the bad guys use... otherwise they can never be
> really certain they have things shored up.
> On Mon, 23 Dec 2002, paul beard wrote:
> 
> > Stacey Roberts wrote:
> > 
> > > 
> > > Why would you want to do this? Personally, I figure it's prudent to ask.
> > > 
> > It does have some legitimate uses, according to this page ( 
> > http://www.atstake.com/research/lc/ ):
> > 
> > > Consider that at one of the largest technology companies, where
> > > policy required that passwords exceed 8 characters, mix cases,
> > > and include numbers or symbols...
> > > 
> > > * L0phtCrack obtained 18% of the passwords in 10 minutes 
> > > * 90% of the passwords were recovered within 48 hours on a Pentium
> > > II/300 
> > > * The Administrator and most Domain Admin passwords were
> > > cracked
> > > 
> > > It doesn't have to be this way. Crack-resistant passwords are
> > > achievable and practical. But password auditing is the only
> > > sure way to identify user accounts with weak passwords. LC4
> > > offers an easy and adaptable way to address this threat and
> > > find vulnerable passwords.
> > 
> > > Take it from a 1998 Microsoft security bulletin:
> > > 
> > > "consider evaluating a tool such as L0phtcrack 2.0 for
> > > assisting in checking the quality of user passwords."
> > 
> > 
> > 
> > -- 
> > Paul Beard: seeking UNIX/internet engineering work
> > <http://paulbeard.no-ip.org/paulbeard.html>
> > 8040 27th Ave NE Seattle WA 98115 / 206 529 8400
> > 
> > "Laughter is the closest distance between two people."
> > 		-- Victor Borge
> > 
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> > 
> 
> 
-- 
Stacey Roberts
B.Sc (HONS) Computer Science

Web: www.vickiandstacey.com







Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1040684706.58381.120.camel>