Security Basics mailing list archives
Password statistics and standards
From: samhenry () mnsam com
Date: Fri, 13 Oct 2006 23:02:56 -0400 (EDT)
Hi group..... I am new and this is my first post.

In a Novell environment (NDS/eDir) I utilize a tool called DSRazor to pull information about accounts, which is helpful in telling me how accounts are configured. It tells me password length settings, and if null passwords are allowed, for every account. What I really want to obtain is information on how complex my users' actual passwords are. Sure, the majority of accounts are configured for 5 characters, but how many actually are only 5 characters...

Obviously I DON'T want to see the passwords if that can be achieved, but I would like statistics about them such as:

Password length
Complexity (how many of the 4 character sets)
How many accounts might have the same password

Maybe Novell has a tool that will help me gather this information, but I have not heard of anything. I am wondering what other tools I might look to for help with this type of thing. Thanks for any suggestions.....

Here is some recent information I found:

A 5 character (a-z, A-Z, 0-9, special) password can be cracked in less than 15.29 minutes.
An 8 character (a-z, A-Z, 0-9) password can be cracked in less than 77.34 days.
An 8 character (a-z, A-Z, 0-9, special) password can be cracked in less than 1.81 years.

I am somewhat in a dilemma: sure, passwords may be 5 characters, but because they lock for 15 minutes after incorrect tries, the time to break is increased dramatically. I still think that 8 is better, and with upper and numerics. But it is a tradeoff: need to consider other systems that don't lock, and consistency, along with increased calls to helpdesk....

Again, any thoughts or suggestions are appreciated.
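An added example, not part of the original post and not a Novell or DSRazor feature: one way to produce the three statistics asked for (length, number of character sets used, accounts sharing a password) without keeping or displaying any password. It assumes a hypothetical point where the plaintext is already handled, such as a password-change hook; the function names and the sample list are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import string
from collections import Counter


def profile(password, key):
    """Reduce one password to (length, character sets used, keyed tag)."""
    sets_used = sum((
        any(c in string.ascii_lowercase for c in password),
        any(c in string.ascii_uppercase for c in password),
        any(c in string.digits for c in password),
        any(c not in string.ascii_letters + string.digits for c in password),
    ))
    # Keyed HMAC: equal passwords give equal tags, so duplicates can be
    # counted, but without the key a tag cannot be tested against a wordlist.
    tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()
    return len(password), sets_used, tag


def summarize(passwords, key):
    """Return aggregate counts only; no per-account record leaves this function."""
    by_length, by_sets, tags = Counter(), Counter(), Counter()
    for pw in passwords:
        length, sets_used, tag = profile(pw, key)
        by_length[length] += 1
        by_sets[sets_used] += 1
        tags[tag] += 1
    # Every account whose tag occurs more than once shares its password.
    shared = sum(n for n in tags.values() if n > 1)
    return {
        "by_length": dict(by_length),
        "by_sets": dict(by_sets),
        "accounts_sharing_a_password": shared,
    }


# Constructed sample input standing in for passwords seen at change time.
SAMPLE = ["apple", "Apple1", "apple", "Tr1cky!pw", "12345", "Summer06", "Summer06"]

if __name__ == "__main__":
    audit_key = secrets.token_bytes(32)  # held only by the audit process
    print(summarize(SAMPLE, audit_key))
```
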