[unisog] [Fwd: Is the current password std flawed?]

Harry Hoffman hhoffman at ip-solutions.net
Fri Feb 25 03:24:26 GMT 2005


We are having a similar discussion regarding the programs that 
auto-generate easily typed passwords and whether or not it would be 
easier to brute force those passwords based upon key locations and how 
most people type.

I'm interested to see what you come up with. Are you planning on doing 
any tests to verify this?


Russell Fulton wrote:
> Hmmm.... from my manager.  What do you think?
> I'll post my ideas on this tomorrow.
> Russell
> -------- Forwarded Message --------
> From: Stephen Taylor (ITSS) <stay091 at vxchange.vcr.auckland.ac.nz>
> To: Russell Fulton <rful011 at vxchange.vcr.auckland.ac.nz>, Bojan Zdrnja
> <b.zdrnja at auckland.ac.nz>
> Subject: Is the current password std flawed?
> Date: Fri, 25 Feb 2005 13:42:51 +1300
> As part of my discussion with CS re NetAccount v 2 enhancements we
> looked at the UoA Password Std.
> The following comments were made by CS.
> By asking that all passwords must have a numeric and a special character
> we are making it easier for cracking tools because we have effectively
> reduced the "pool" of possible password combinations; e.g. no need to
> check for a password such as "gHsrYBoZ" as this would be rejected as not
> valid.
> Similarly by not allowing all numerics such as "33892536".
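
The keyspace argument in the forwarded message can be measured. The following is an added example, not part of the original thread: it counts how many passwords survive a "must contain a digit and a special character" rule using inclusion-exclusion. The 8-character length and the 95-symbol printable-ASCII alphabet split into four classes are assumptions, since the post does not state them.

```python
from itertools import combinations
from math import log2

# Assumed character classes (printable ASCII, 95 symbols). The post does not
# give the alphabet or the password length; these values are illustrative.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "special": 33}


def count_passwords(length, required=()):
    """Count strings of `length` that contain at least one character from
    every class in `required`, by inclusion-exclusion over excluded classes."""
    alphabet = sum(CLASSES.values())
    count = 0
    for k in range(len(required) + 1):
        for excluded in combinations(required, k):
            remaining = alphabet - sum(CLASSES[c] for c in excluded)
            count += (-1) ** k * remaining ** length
    return count


def policy_cost(length, required):
    """Return (fraction of keyspace still allowed, bits of search space lost)."""
    unrestricted = count_passwords(length)
    allowed = count_passwords(length, required)
    return allowed / unrestricted, log2(unrestricted) - log2(allowed)


def meets_policy(password, required=("digit", "special")):
    """Check one candidate against the rule; anything that is not a letter
    or a digit is treated as 'special' (assumption)."""
    present = set()
    for ch in password:
        if ch.isdigit():
            present.add("digit")
        elif ch.islower():
            present.add("lower")
        elif ch.isupper():
            present.add("upper")
        else:
            present.add("special")
    return all(c in present for c in required)


if __name__ == "__main__":
    fraction, bits = policy_cost(8, ("digit", "special"))
    print(f"allowed fraction: {fraction:.4f}, bits lost: {bits:.3f}")
    for sample in ("gHsrYBoZ", "33892536"):  # the two examples from the post
        print(sample, "accepted" if meets_policy(sample) else "rejected")
```

Under these assumptions the rule removes a little under half of the raw 8-character keyspace, which is less than one bit of brute-force work; the count says nothing about how predictable the passwords people actually choose are with or without the rule.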
