[unisog] [Fwd: Is the current password std flawed?]

Gary Flynn flynngn at jmu.edu
Fri Feb 25 01:13:59 GMT 2005


Russell Fulton wrote:

>Hmmm.... fro  my manager.  What do you think?
>  
>

While it may rule out some combinations, it probably adds a lot
more. Its probably mathematically provable but its not something
I want to work out (assuming I could :).

>I'll post my ideas on this tomorrow.
>
>Russell
>
>-------- Forwarded Message --------
>From: Stephen Taylor (ITSS) <stay091 at vxchange.vcr.auckland.ac.nz>
>To: Russell Fulton <rful011 at vxchange.vcr.auckland.ac.nz>, Bojan Zdrnja
><b.zdrnja at auckland.ac.nz>
>Subject: Is the current password std flawed?
>Date: Fri, 25 Feb 2005 13:42:51 +1300
>As part of my discussion with CS re NetAccount v 2 enhancements we
>looked at the UoA Password Std.
>
>The following comments were made by CS.
>
>By asking that all passwords must have a numeric and a special character
>we are making it easier for cracking tools because we have effectively
>reduced the "pool" of possible password combinations; e.g. no need to
>check for a password such as "gHsrYBoZ" as this would be rejected as not
>valid.
>
>Similarly by not allowing all numerics such as "33892536".
>
>Thoughts?
>
>Steve
>
>  
>
>------------------------------------------------------------------------
>
>_______________________________________________
>unisog mailing list
>unisog at lists.sans.org
>http://www.dshield.org/mailman/listinfo/unisog
>  
>




More information about the unisog mailing list