Regularly Testing User Password Strength - Best Setup | SSCP Exam Guide

Best Setup for Regularly Testing User Password Strength


Question

What setup should an administrator use for regularly testing the strength of user passwords?

Explanation

Poor password selection is frequently a major security problem for any system.

Administrators should obtain and use password-guessing programs frequently to identify those users having easily guessed passwords.

Because password-cracking programs are very CPU intensive and can slow the system on which they are running, it is a good idea to transfer the encrypted passwords to a standalone (not networked) workstation.

Also, by doing the work on a non-networked machine, any results found will not be accessible by anyone unless they have physical access to that system.

Of the four choices presented, this is the best choice.

However, in real life you would have strong password policies that enforce complexity requirements and do not let the user choose a simple or short password that can be easily cracked or guessed. That would be the best choice if it were one of the choices presented.

Another issue with password cracking is one of privacy. Many password-cracking tools can avoid this by only reporting that a password was cracked, not what the password actually is. This masks the password in use from the person doing the cracking.

Source: National Security Agency, Systems and Network Attack Center (SNAC), The 60 Minute Network Security Guide, February 2002, page 8.

The correct answer is C: A standalone workstation on which the password database is copied and processed by the cracking program.
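The two practical points in the explanation, enforcing a password policy at set-time and reporting audit results in masked form, are shown below in a short added Python example. It is not part of the exam guide or the NSA source: the policy thresholds, the blocklist, the two sample accounts and the PBKDF2 storage format are all constructed assumptions standing in for a real system's password database.

```python
import hashlib
import hmac
import os
import re

# Assumed policy values for this example; the exam guide gives no specific numbers.
MIN_LENGTH = 12
MIN_CHARACTER_CLASSES = 3

# Constructed weak-candidate list standing in for a real breached-password list.
WEAK_CANDIDATES = ["password", "123456", "qwerty", "letmein", "welcome1", "Password1!"]
COMMON_PASSWORDS = {c.lower() for c in WEAK_CANDIDATES}

CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def check_policy(password: str) -> list[str]:
    """Return the policy rules a candidate password violates.

    An empty list means the password may be accepted at set-time, which is
    where weak passwords are best stopped, before they ever reach the database.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(1 for pattern in CHARACTER_CLASSES if re.search(pattern, password))
    if classes < MIN_CHARACTER_CLASSES:
        problems.append(f"uses fewer than {MIN_CHARACTER_CLASSES} character classes")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password blocklist")
    return problems


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; an assumed stand-in for whatever the real system stores."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def build_sample_db() -> dict[str, tuple[bytes, bytes]]:
    """Constructed copy of a password database: username -> (salt, hash)."""
    db = {}
    for user, pw in (("alice", "Password1!"), ("bob", "c0rrect-Horse-Battery")):
        salt = os.urandom(16)
        db[user] = (salt, hash_password(pw, salt))
    return db


def audit_masked(db: dict[str, tuple[bytes, bytes]], candidates: list[str]) -> dict[str, str]:
    """Check each stored hash of the offline copy against the weak-candidate list.

    The report says only whether an account is 'weak' or 'ok'; the matching
    password is never returned, which is the masking the explanation describes.
    """
    report = {}
    for user, (salt, stored) in db.items():
        hit = any(hmac.compare_digest(hash_password(c, salt), stored) for c in candidates)
        report[user] = "weak" if hit else "ok"
    return report


if __name__ == "__main__":
    for pw in ("password", "c0rrect-Horse-Battery"):
        print(pw, "->", check_policy(pw) or "accepted")
    print(audit_masked(build_sample_db(), WEAK_CANDIDATES))
```

The audit function is meant to run on a copied database on the isolated workstation the answer describes; its output can be handed to a help desk to force a reset without anyone learning the affected user's actual password.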

Regularly testing the strength of user passwords is an essential aspect of maintaining security in any system. Password cracking is a technique used to test the strength of user passwords, where a program attempts to guess the password by trying various combinations of characters until it finds the correct one. However, using a live password database on a networked workstation for password cracking is not recommended as it can put the security of the entire system at risk.

Therefore, the most appropriate setup for regularly testing the strength of user passwords is to use a standalone workstation on which the password database is copied and processed by the cracking program. This ensures that the password cracking process is isolated from the live system and doesn't cause any disruption or security risks to the live environment.

It's worth noting that password cracking programs should only be used for testing purposes with the explicit consent of the system owner or administrator. Using such programs without authorization is illegal and unethical.