From: paul beard
Date: Mon, 23 Dec 2002 14:44:36 -0800
To: FreeBSD Questions
Subject: Re: L0phtcrack

Stacey Roberts wrote:
>
> Why would you want to do this? Personally, I figure it's prudent to ask.
>

It does have some legitimate uses, according to this page
( http://www.atstake.com/research/lc/ ):

> Consider that at one of the largest technology companies, where
> policy required that passwords exceed 8 characters, mix cases,
> and include numbers or symbols...
>
> * L0phtCrack obtained 18% of the passwords in 10 minutes
> * 90% of the passwords were recovered within 48 hours on a Pentium
>   II/300
> * The Administrator and most Domain Admin passwords were
>   cracked
>
> It doesn't have to be this way. Crack-resistant passwords are
> achievable and practical. But password auditing is the only
> sure way to identify user accounts with weak passwords. LC4
> offers an easy and adaptable way to address this threat and
> find vulnerable passwords.
>
> Take it from a 1998 Microsoft security bulletin:
>
> "consider evaluating a tool such as L0phtcrack 2.0 for
> assisting in checking the quality of user passwords."

--
Paul Beard: seeking UNIX/internet engineering work
8040 27th Ave NE Seattle WA 98115 / 206 529 8400
"Laughter is the closest distance between two people." -- Victor Borge