On 07/05/07, David Gerard <dgerard(a)gmail.com> wrote:
Could someone please run a password cracker across the
admin accounts
internally, to spot awful passwords?
It's not a straightforward operation due to the method we use to store
passwords, so we'd need to generate and hash bad passwords per user,
and then check against the real values in the database.
The main problem, though, is having a script with a list of rules for
generating said "bad passwords" that are widely agreed to be tough
enough, but not too tough.
Rob Church