[unisog] Password auditing

Peter Van Epp vanepp at sfu.ca
Fri Jul 1 17:52:31 GMT 2005


On Fri, Jul 01, 2005 at 10:25:57AM -0700, Dave Dittrich wrote:
> > Both Steve and Dave make good points about dictionary based auditing
> > but I worry that that would not have helped in our case earlier in
> > the week.  Dictionary based attacks and defences are only as good as
> > the dictionaries you have access to and unless you can add in what
> > the latest attack tools are using you are going to miss things.
> >
> > Hmmm... Dave do you know if anyone collects these lists and colates
> > them?  I've go one hot from the forensics ;)
> 
<snip>
	There is a good whack of them still on ftp.ox.ac.uk in /pub/wordlists.
I don't know if it is being kept up though (my original reference is from 1996).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada


More information about the unisog mailing list