Security Basics mailing list archives

Re: Password assessment methodology

From: akshar kanak <akshar.kanak1 () gmail com>
Date: Mon, 6 Aug 2012 18:05:03 +0530

Hi
  I am not an expert in pentesting , i am just giving my suggestion
and i am not sure to waht extent it might be applicable .  you can try
to crack the passwords using the tools like "ophcrack"  for windows
and "john the ripper "  for linux to check for the strength of the
password . An internal survey can be conducted to check  for the
length of the password , special chars used  by the people while they
are creating any password .

you can request the people  to create dummy password and then you can
try to break it .
it will give you an insight into how people choose their password .

thanks and regards
Akshar



On Mon, Aug 6, 2012 at 12:16 AM, Anwar Khan <anwarrhce () gmail com> wrote:

Dear All,

Please help me on doing the password assessment in internal penetration testing.
how you should do the password quality assessment according issaf and osstm.

I have read the document of issaf and osstm but the approach to do
that is missing in that.

Please advice.

Thanks in advance.

Rgds,
Anwar

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Password assessment methodology Anwar Khan (Aug 06)
- Re: Password assessment methodology akshar kanak (Aug 06)
  - Re: Password assessment methodology Mike S (Aug 06)
    - Re: Password assessment methodology Anwar Khan (Aug 10)
    - Re: Password assessment methodology TAS (Aug 13)