Re: estimate passwords

From: Lennart Freyberg (_l_e_n_n_u_at_-l-e-n-n-u-.de)
Date: 07/12/04

• Next message: Purl Gurl: "Re: date problem"
• Previous message: J. Romano: "Re: how perl set envirment variable"
• In reply to: Walter Roberson: "Re: estimate passwords"
• Next in thread: John Bokma: "Re: estimate passwords"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: Mon, 12 Jul 2004 02:13:05 +0200

Hi Walter,

> Is the input the password itself, or the encrypted password?
Sue me, but it is the password itself. The tools I use to change the
passwords on microsoft ads and novell 4.x nds can't handle encrypted
passwords (but the session will be encrypted through https).

> Is the result to be returned some kind of numerical result
> such as "It may interesting you to know that your password is
> about 17% strong", or as in "Someone could probably break your
> password in about 38 minutes on s good PC"? Or is the result to
> be a "pass/fail" result along the lines of "That password isn't
> complex enough, choose another one!" ?
I am interested in a go/no-go result. The password must fulfill several
properties:
- minimum (and maybe maximum) length
- alphanumeric (more than one numeric or alphabetic char and not only at
the beginning or the end of the password)
I guess the most problematic property is, that it must not consist of
keyword-rows (horizontal like "qwerty" and vertical like "bgt5").
Maybe it's not the strongest password ever, but if it fulfills these
three properties it is strong enough for us (now).

The first two checks are not that hard to write, but I have no idea how
to check the keyword-rows. That's why I am searching for a tool.

Unfortunately I need one to run under Microsoft! The tools I use for
changing the password on Novell NDS only run under Windows and I am not
interested to split the programs of this project onto several computers
with several operating systems. (But I am not happy with that! ;-) )

I am sure that most of our users passwords are so weak that I couldn't
sleep well if I would knew them, so the three properties are something
like a first step for us...

Thanks a lot,
   Lennart

---

• Next message: Purl Gurl: "Re: date problem"
• Previous message: J. Romano: "Re: how perl set envirment variable"
• In reply to: Walter Roberson: "Re: estimate passwords"
• Next in thread: John Bokma: "Re: estimate passwords"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Relevant Pages Potential NDS for NT privilege escalation ... We contacted Novell ... machines are NT 4.0 SP6a Application: NDS for NT. ... Given a valid Novell NDS account of any security level ... as having "domain admin" rights over the NT domain can ... (NT-Bugtraq) Re: AD vs NDS Novell ... >I have a MS guy here thinks Novell is the greatest OS. ... A system is always as secure as your system admin chooses to make it - ... There's a ton of really good AD vs. NDS case studies and whitepapers ... Comparing Microsoft Active Directory to Novell's NDS ... (microsoft.public.windows.server.active_directory) Possible privilege escalation with NDS for NT ... We contacted Novell ... machines are NT 4.0 SP6a Application: NDS for NT. ... Given a valid Novell NDS account of any security level ... as having "domain admin" rights over the NT domain can ... (Bugtraq) Re: AD vs NDS Novell ... I'd second that, you don't see many shops moving form MS to Novell, if you ... don't have Novell then don't bother putting it in, not that NDS isn't good, ... > Comparing Microsoft Active Directory to Novell's NDS ... (microsoft.public.windows.server.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)