Subject: | |
From: | |
Reply To: | |
Date: | Wed, 8 Feb 2006 16:04:22 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Doesn't Security Monitor allow you to encrypt these?
Doesn't seem like it would be that hard to write a script to try to brute
force guess MPE passwords. I haven't done the math to see how much harder
SECURITY/3000 would make this, assuming session passwords. But I imagine
several of us have first or second hand experience with someone penetrating
a 3000 in half an hour or less. In my last shop, I regret not declining to
be told the system manager password, but instead asking for the challenge of
penetrating the system. Unfortunately, that's not always a welcome bet to
make.
Whereas I've been googling for a tool to try guessing user's Windows
passwords. You wouldn't think it would be that hard to choose a good
password, meaning complex / hard to guess, but easy for the owner to
remember. I've started collecting ideas for ways to come up with memorable
gibberish, since I'll probably get to train some users on this very thing,
without the benefit of a LART.
I suspect that finding out a company's password complexity requirements cuts
the time to brute force dramatically, by allowing one to not test for simple
passwords. I have no idea how to work out the math on that one.
Greg Stigers
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
|
|