Date: Wed, 19 Jun 2002 11:01:06 -0600 (CST)
From: Ryan Thompson <ryan@sasknow.com>
To: Klaus Steden <klaus@compt.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Password security
Message-ID: <20020619104812.W14256-100000@ren.sasknow.com>
In-Reply-To: <20020619013603.O99167@cthulu.compt.com>

Klaus Steden wrote to Ryan Thompson:

> In the meantime, you could crack them on a regular basis for them.
> John the Ripper does a pretty good job of my password files, with a
> dictionary of about 6 million odd words.

Done that. About 10% of the passwords fell within the first 10 minutes.
After 36 hours on a PII-400MHz machine, I had done only a little better
than that. That's probably *better* than many systems, but as long as
one staff member's account can be easily compromised, I won't take much
comfort in being "more secure" than the next network. :-)

Ironically, our untrained customers seem to be at least as good as our
trained staff members at choosing secure passwords. Knowledge and
practice are clearly two orthogonal axes. :-)

So, that's why I'm making an effort to mandate stronger passwords for
staff members. (Customers are limited to chroot()'d FTP logins only, and
staff members can be trained and encouraged to follow directions. :-)

- Ryan

--
Ryan Thompson <ryan@sasknow.com>

SaskNow Technologies - http://www.sasknow.com
901 1st Avenue North - Saskatoon, SK - S7K 1Y4

Tel: 306-664-3600 Fax: 306-664-3630 Saskatoon
Toll-Free: 877-727-5669 (877-SASKNOW) North America

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message