On Mon, 2002-12-23 at 22:57, Stephen Hovey wrote: > Ive used such utilities in the past.. >
Same here. Various border-penetration tools and passwd crackers that run fortnightly, are used by my team at work. I don't disagree with their existence, nor stated terms of usage. The poster has already answered the followup question in my original reply.., which was very good of him. Regards, Stacey > Basically, the only way a legit admin can secure things, is if they have > access to the same tech the bad guys use.. otherwise they can never be > really certain they have things shored up. > On Mon, 23 Dec 2002, paul beard wrote: > > > Stacey Roberts wrote: > > > > > > > > Why would you want to do this? Personally, I figure its prudent to ask. > > > > > It does have some legitimate uses, according to this page ( > > http://www.atstake.com/research/lc/ ): > > > > > Consider that at one of the largest technology companies, where > > > policy required that passwords exceed 8 characters, mix cases, > > > and include numbers or symbols... > > > > > > * L0phtCrack obtained 18% of the passwords in 10 minutes > > > * 90% of the passwords were recovered within 48 hours on a Pentium > > > II/300 > > > * The Administrator and most Domain Admin passwords were > > > cracked > > > > > > It doesn't have to be this way. Crack-resistant passwords are > > > achievable and practical. But password auditing is the only > > > sure way to identify user accounts with weak passwords. LC4 > > > offers an easy and adaptable way to address this threat and > > > find vulnerable passwords. > > > > > Take it from a 1998 Microsoft security bulletin: > > > > > > "consider evaluating a tool such as L0phtcrack 2.0 for > > > assisting in checking the quality of user passwords." > > > > > > > > -- > > Paul Beard: seeking UNIX/internet engineering work > > <http://paulbeard.no-ip.org/paulbeard.html> > > 8040 27th Ave NE Seattle WA 98115 / 206 529 8400 > > > > "Laughter is the closest distance between two people." > > -- Victor Borge > > > > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > > with "unsubscribe freebsd-questions" in the body of the message > > > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-questions" in the body of the message -- Stacey Roberts B.Sc (HONS) Computer Science Web: www.vickiandstacey.com To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message