Forum Replies Created

Viewing 15 posts - 91 through 105 (of 871 total)

  • RE: Password checker automation

    Michael Meierruth (2/3/2014)


    OK, I understand now this use of replace. Thus you should separate out this kind of check from the rest since the string '_Replace_' will be used in...

  • RE: Password checker automation

    Michael Meierruth (2/3/2014)


    Adam,

    Just out of curiosity what exactly does this mean:

    REPLACE(pc.[Password],'_Replace_',sl.name)

    Also, how exactly will you login to 250 or so instances to run this and gather the data into a...

  • RE: Password checker automation

    Indeed a good thought Lowell. My colleague was thinking the same thing last week. I didn't have much luck with a performance gain then; however your post inspired me to...

  • RE: Password checker automation

    Michael Meierruth, SQL2000 and later.

    My current test case is running on a SQL2012 instance with 8 logins, comparing to 10,000 + reverse = 90 second run. I think it's because...

  • RE: Password checker automation

    Michael Meierruth (1/30/2014)


    Adam, just out of curiosity, how many servers and logins are you dealing with?

    Fluctuates daily; however based on current inventory ... 242 instances, 6,974 logins.

  • RE: Password checker automation

    That sounds pretty awesome Nadrek ... and way more effective. This SQL function is incredibly poor performing and obviously limiting. Do you have anything already built to leverage this oclHashcat?...

  • RE: Password checker automation

    Thanks Nadrek, I'll check that out later. For now I want to wrap up this current version and figure out how to resolve this damn duplicate ...

  • RE: Password checker automation

    Nadrek (1/30/2014)


    Separately, the phpbb password list is an excellent, small starter list - add in words related to your company, your software products, names from your employee list, etc. ...

  • RE: Password checker automation

    Lowell (1/30/2014)


    Adam i think you just want to do wrap your query as a cte/subselect to get distinct logins with weak passwords, since your new logic allows multiple matches.

    if '0001'...

  • RE: Password checker automation

    So what if any resolution is there?

    In the example that this account has a password of 0001, and that's stored in the password list ... the reverse of that is...

  • RE: Password checker automation

    So I've been working on rewriting this to hit a table of known bad passwords and running into a snag.

    LEFT JOIN dbo.[PasswordCheckerList] pc

    ON PWDCOMPARE(pc.[Password], sl.[password_hash]) = 1

    OR PWDCOMPARE(REVERSE(pc.[Password]), sl.[password_hash]) =...

  • RE: Password checker automation

    Lowell,

    This is great, I have many ideas already on how to expand this pretty intensely.

    That's exactly what I needed, I didn't realize PWDCOMPARE was out there! Unfortunately though, looks...

  • RE: Password checker automation

    Michael Meierruth (1/29/2014)


    Why don't you simply use 'Enforce password policy' of SQL Server?

    So what you're saying is that this software makes attempts to login using some sort of dictionary of...

  • RE: Help resolving duplicates with reindexing logic

    Matt Crowley (1/21/2014)


    At a leaf level, a clustered index is the table. If you have a primary key defined on a column defined as nvarchar(32), and your table has...

  • RE: Help resolving duplicates with reindexing logic

    Lynn Pettis (1/21/2014)


    Can you post the links you have that relate to reindexing causing duplicate records? I have never experienced this issue.

    Hey Lynn, it's not the act of reindexing...

Viewing 15 posts - 91 through 105 (of 871 total)