Date: Mon, 23 Dec 2002 17:57:48 -0500 (EST) From: Stephen Hovey <shovey@buffnet.net> To: paul beard <paulbeard@mac.com> Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: L0phtcrack Message-ID: <Pine.BSF.4.05.10212231756590.2344-100000@buffnet11.buffnet.net> In-Reply-To: <3E0791D4.4090407@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Ive used such utilities in the past.. Basically, the only way a legit admin can secure things, is if they have access to the same tech the bad guys use.. otherwise they can never be really certain they have things shored up. On Mon, 23 Dec 2002, paul beard wrote: > Stacey Roberts wrote: > > > > > Why would you want to do this? Personally, I figure its prudent to ask. > > > It does have some legitimate uses, according to this page ( > http://www.atstake.com/research/lc/ ): > > > Consider that at one of the largest technology companies, where > > policy required that passwords exceed 8 characters, mix cases, > > and include numbers or symbols... > > > > * L0phtCrack obtained 18% of the passwords in 10 minutes > > * 90% of the passwords were recovered within 48 hours on a Pentium > > II/300 > > * The Administrator and most Domain Admin passwords were > > cracked > > > > It doesn't have to be this way. Crack-resistant passwords are > > achievable and practical. But password auditing is the only > > sure way to identify user accounts with weak passwords. LC4 > > offers an easy and adaptable way to address this threat and > > find vulnerable passwords. > > > Take it from a 1998 Microsoft security bulletin: > > > > "consider evaluating a tool such as L0phtcrack 2.0 for > > assisting in checking the quality of user passwords." > > > > -- > Paul Beard: seeking UNIX/internet engineering work > <http://paulbeard.no-ip.org/paulbeard.html>; > 8040 27th Ave NE Seattle WA 98115 / 206 529 8400 > > "Laughter is the closest distance between two people." > -- Victor Borge > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.10212231756590.2344-100000>