Date: Mon, 23 Dec 2002 14:44:36 -0800 From: paul beard <paulbeard@mac.com> To: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: L0phtcrack Message-ID: <3E0791D4.4090407@mac.com> References: <DAV68O0BnRKa8Th6kx800012e3d@hotmail.com> <1040682606.58381.96.camel@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Stacey Roberts wrote: > > Why would you want to do this? Personally, I figure its prudent to ask. > It does have some legitimate uses, according to this page ( http://www.atstake.com/research/lc/ ): > Consider that at one of the largest technology companies, where > policy required that passwords exceed 8 characters, mix cases, > and include numbers or symbols... > > * L0phtCrack obtained 18% of the passwords in 10 minutes > * 90% of the passwords were recovered within 48 hours on a Pentium > II/300 > * The Administrator and most Domain Admin passwords were > cracked > > It doesn't have to be this way. Crack-resistant passwords are > achievable and practical. But password auditing is the only > sure way to identify user accounts with weak passwords. LC4 > offers an easy and adaptable way to address this threat and > find vulnerable passwords. > Take it from a 1998 Microsoft security bulletin: > > "consider evaluating a tool such as L0phtcrack 2.0 for > assisting in checking the quality of user passwords." -- Paul Beard: seeking UNIX/internet engineering work <http://paulbeard.no-ip.org/paulbeard.html>; 8040 27th Ave NE Seattle WA 98115 / 206 529 8400 "Laughter is the closest distance between two people." -- Victor Borge To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E0791D4.4090407>