[unisog] [Fwd: Is the current password std flawed?]

Russell Fulton r.fulton at auckland.ac.nz
Fri Feb 25 00:55:20 GMT 2005


Hmmm.... fro  my manager.  What do you think?

I'll post my ideas on this tomorrow.

Russell

-------- Forwarded Message --------
From: Stephen Taylor (ITSS) <stay091 at vxchange.vcr.auckland.ac.nz>
To: Russell Fulton <rful011 at vxchange.vcr.auckland.ac.nz>, Bojan Zdrnja
<b.zdrnja at auckland.ac.nz>
Subject: Is the current password std flawed?
Date: Fri, 25 Feb 2005 13:42:51 +1300
As part of my discussion with CS re NetAccount v 2 enhancements we
looked at the UoA Password Std.

The following comments were made by CS.

By asking that all passwords must have a numeric and a special character
we are making it easier for cracking tools because we have effectively
reduced the "pool" of possible password combinations; e.g. no need to
check for a password such as "gHsrYBoZ" as this would be rejected as not
valid.

Similarly by not allowing all numerics such as "33892536".

Thoughts?

Steve

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2201 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20050225/524c200f/smime.bin


More information about the unisog mailing list