Educause Security Discussion mailing list archives
Re: Password cracking benchmarks
From: Kevin Shalla <kshalla () UIC EDU>
Date: Fri, 11 Nov 2005 16:57:32 -0600
Don't dictionary and brute force attacks rely on having access to the password file? Aren't password files protected from theft? Aren't login sessions encrypted between PC and server? Are we talking about hacking by system administrators? If it's just trying passwords, don't lockout strategies keep them out? At 10:15 PM 11/10/2005, Alan Amesbury wrote:
OK, folks, bad news: This is a looong posting. This topic comes up in discussion locally between academic units all the time, and I see we're skirting around it on EDUCAUSE. However, the last time I looked at this in detail was several years ago, and on/with much slower systems. Call this the semi-decade update. The good news is the math is pretty straightforward. My apologies if this seems overly basic to you; I just want to make sure everyone has all the information.......
Current thread:
- Password cracking benchmarks Alan Amesbury (Nov 10)
- <Possible follow-ups>
- Re: Password cracking benchmarks Russell Fulton (Nov 10)
- Re: Password cracking benchmarks Chris Green (Nov 11)
- Re: Password cracking benchmarks Kevin Shalla (Nov 11)
- Re: Password cracking benchmarks Alan Amesbury (Nov 11)
- Re: Password cracking benchmarks Alan Amesbury (Nov 15)
- Re: Password cracking benchmarks Leigh Cheek (Nov 15)
- Re: Password cracking benchmarks Hull, Dave (Nov 15)
- Re: Password cracking benchmarks Alan Amesbury (Nov 15)