From: Anders Thulin (Anders.Thulin@kiconsulting.se)
Date: Fri Dec 12 2003 - 02:30:07 EST
Paul Bakker wrote:
> The issue is: I need to determine if it is a raesonable password without them giving me the password...
> How can I determine this if I cannot throw a password cracking tool against it?
Brute force login attempts come to mind.
Even with a password cracker, you can't say for sure: $2$ is used to
indicate blowfish on some platforms. But unless you know this particular
platform follows that convention, you won't be able to interpret a failure
to crack the password.
Some preliminary tests to verify the Blowfish hypothesis seem called for.
-- Anders Thulin anders.thulin@kiconsulting.se 040-661 50 63 Ki Consulting AB, Box 85, SE-201 20 Malmö, Sweden --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:44 EDT