D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Password checking

 

On Wednesday 28 December 2005 5:57 pm, Henry Bremridge wrote:
> Please see
> http://www.theregister.co.uk/2005/11/25/symantec_l0phtcrack_export_controve
>rsy/
>
> I am trying to increase web-security at a company (I am a director). As
> a non-techy does anyone know of a debian program that I can point at an
> IP address and check the password / security?

IP? Do you mean for a remote site to probe your firewalls and login systems to 
try to achieve a breach? That would appear to be a sysadmin task, not a user 
task, as it may reveal more than just a few insecure passwords!

Or do you mean for your users to enter their passwords into a (local) program 
that can tell them plainly if their password is useless?

You can do this using a local PHP page:
http://scripts.franciscocharrua.com/check-password.php
http://aspn.activestate.com/ASPN/Cookbook/PHP/Recipe/101526

If you can find the source for something like this:
http://www.securitystats.com/tools/password.php
and implement it locally, that would be useful.

Maybe:
http://www.openwall.com/passwdqc/

There's a Java solution that you could implement locally too:
http://weblogs.java.net/blog/kirillcool/archive/2005/12/visual_feedback.html
http://www.leeholmes.com/projects/pgppass/

> (Following on from which I 
> can jump, rant and scream and get them to improve their computer
> security)
>
> Tks
>
>
> Henry

-- 

Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/

Attachment: pgpHYelcqW0k6.pgp
Description: PGP signature