[unisog] password checker?

Ray Strubinger rays at phhp.ufl.edu
Wed Jun 1 17:48:23 GMT 2005


>>> "Matt Ashfield" <mda at unb.ca> 6/1/2005 8:42 AM >>>

We have a scrubbing process that new machines go through before they get
registered for use on the network. One feature we'd like to add to this
process is a password checker for windows boxes. Basically, we'd like
something that checks the passwords for the users, and if it's simple/easy,
we'd like to get them to change it.


Microsoft's Baseline Security Analyzer can do weak password checks among other things.

http://support.microsoft.com/default.aspx?scid=kb;en-us;320454

Depending on the flavor of Windows, the registry settings, and the password length just about any Windows password could be considered weak if an attacker can obtain the hashes and look them up in a Rainbow table.

-Ray





More information about the unisog mailing list