[unisog] [Fwd: Is the current password std flawed?]
r.fulton at auckland.ac.nz
Fri Feb 25 00:55:20 GMT 2005
Hmmm.... fro my manager. What do you think?
I'll post my ideas on this tomorrow.
-------- Forwarded Message --------
From: Stephen Taylor (ITSS) <stay091 at vxchange.vcr.auckland.ac.nz>
To: Russell Fulton <rful011 at vxchange.vcr.auckland.ac.nz>, Bojan Zdrnja
<b.zdrnja at auckland.ac.nz>
Subject: Is the current password std flawed?
Date: Fri, 25 Feb 2005 13:42:51 +1300
As part of my discussion with CS re NetAccount v 2 enhancements we
looked at the UoA Password Std.
The following comments were made by CS.
By asking that all passwords must have a numeric and a special character
we are making it easier for cracking tools because we have effectively
reduced the "pool" of possible password combinations; e.g. no need to
check for a password such as "gHsrYBoZ" as this would be rejected as not
Similarly by not allowing all numerics such as "33892536".
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2201 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20050225/524c200f/smime.bin
More information about the unisog