|
|
>> (Obviously, before you try breaking people's passwords "for real", there
>> are various political issues to consider. But I didn't even get as far
>> as /testing/ the tool, since the AV classes it as "greyware". Which I
>> suppose is reasonable.)
>
> Indeed, the proper way to do this in a production environment is to get
> the approval of management so they know what you're doing and why. It's
> a 'security audit' or 'password audit'. You don't want to get caught
> doing any kind of penetration testing on your company's network without
> TPTB being aware of it - that can lead to serious consequences
> (potentially personal legal liabilities for that matter).
Sure. But first I wanted to check whether the tool I've picked actually
/works/, and have a bit of a play around with it. /Then/ I might see
about using it on real passwords...
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|