Good and Bad Password How-To References

1. Bobby, Paul, "Password Cracking Using Focused Dictionaries", July 16, 2000, was originally found at SANS.org but is now located at http://www.totse.com/en/hack/hack_attack/162116.html


2. Feldmeier, David C., Karn, Philip R. "UNIX Password Security Ten Years Later", 1990, http://www.alw.nih.gov/Security/FIRST/papers/password/
   pwtenyrs.ps


3. John the Ripper: Password Cracker, home page, http://www.openwall.com/john/


4. Klein, Daniel V., " "Foiling the cracker": A survey of, and Improvements to, Password Security", Feb 22, 1991, is available in PDF from http://www.klein.com/dvk/publications/passwd.pdf and locally as a PDF.
   The actual dictionaries used by Daniel Klein can be found at ftp://ftp.cerias.purdue.edu/pub/dict/dictionaries/DanKlein/.


5. L0phtCrack, password auditing for windows NT, home page, seems to move around. I last found it at http://insecure.org/sploits/l0phtcrack.lanman.problems.html. LC5, the latest commercial version (late 2006) can be found at http://www.securityfocus.com/tools/1005.


6. Muffet, Alec, Crack v5.0a, FAQ, http://www.crypticide.com/users/alecm/security/c50-faq.html


7. Thompson, Ken & Morris, Robert, "Password Security: A Case History", 1979, http://www.alw.nih.gov/Security/FIRST/papers/password/
   pwstudy.ps


8. Johnathan Graham, "Security as a Maintenance Process," 2005 Power Point presentaion http://www.its.queensu.ca/oucc/oucc_%20presentations/Johnathan_Graham.ppt an the Ontario Universities Computing Conference http://www.its.queensu.ca/oucc/.

• AusCERT - Choosing good passwords http://www.auscert.org.au/render.html?it=2260&cid=1920l
  
  
• Cal Tech - Zen and the Art of Password Maintenance is archived at
  http://web.archive.org/web/20010213235050/
  http://www.cacr.caltech.edu/resources/accounts/
  password-safety.html
  
  
• Foxglove - Good and bad passwords http://www.tinhat.com/internet_privacy/
  good_password_tips.html
  
  
• Gary C. Kessler - Passwords Strengths and Weaknesses (1996) http://www.garykessler.net/library/password.html
  
  
• MIT - Passwords: The Good, The Bad, and The Ugly http://web.mit.edu/network/passwords.html
  
  
• Stanford University - Suggestions for Selecting Good Passwords http://www.slac.stanford.edu/comp/security/password.html
  
  
• University of Minnesota - Why Brute-Force Password Cracking is Impractical http://www.cs.umn.edu/help/security/brute-force-cracking.html As this article is now only available in the Web Archive the authors may no longer be confident of its validity. I've seen recent claims (Oct. 2004) of cracking tools doing millions of passwords per second.
  

Top of Page - Site Map

Copyright © 2000 - 2006 by George Shaffer. This material may be distributed only subject to the terms and conditions set forth on http://GeodSoft.com/terms.htm. These terms are subject to change. Distribution is subject to the then current terms, or at the choice of the distributor, those defined in a verifiably dated printout or electronic copy of http://GeodSoft.com/terms.htm at the time of the distribution. Distribution of substantively modified versions of GeodSoft content is prohibited without the explicit permission of George Shaffer. Distribution of the work or derivatives of the work, in whole or in part, for commercial purposes is prohibited unless prior permission is obtained from George Shaffer. Distribution in accordance with these terms, for private, unrestricted and uncompensated public access, non profit, or internal company use is allowed.