[unisog] [Fwd: Is the current password std flawed?]
hhoffman at ip-solutions.net
Fri Feb 25 03:24:26 GMT 2005
We are having a similar discussion regarding the programs that
auto-generate easily typed passwords and whether or not it would be
easier to brute force those passwords based upon key locations and how
most people type.
I'm interested to see what you come up with. Are you planning on doing
any tests to verify this?
Russell Fulton wrote:
> Hmmm.... fro my manager. What do you think?
> I'll post my ideas on this tomorrow.
> -------- Forwarded Message --------
> From: Stephen Taylor (ITSS) <stay091 at vxchange.vcr.auckland.ac.nz>
> To: Russell Fulton <rful011 at vxchange.vcr.auckland.ac.nz>, Bojan Zdrnja
> <b.zdrnja at auckland.ac.nz>
> Subject: Is the current password std flawed?
> Date: Fri, 25 Feb 2005 13:42:51 +1300
> As part of my discussion with CS re NetAccount v 2 enhancements we
> looked at the UoA Password Std.
> The following comments were made by CS.
> By asking that all passwords must have a numeric and a special character
> we are making it easier for cracking tools because we have effectively
> reduced the "pool" of possible password combinations; e.g. no need to
> check for a password such as "gHsrYBoZ" as this would be rejected as not
> Similarly by not allowing all numerics such as "33892536".
More information about the unisog