Re: [Full-Disclosure] Senior M$ member says stop using passwords completely!
From: Andrew Farmer (andfarm_at_teknovis.com)
Date: 10/20/04
- Previous message: Andrew Farmer: "Re: [Full-Disclosure] Google Desktop Search"
- In reply to: Tim: "Re: [Full-Disclosure] Senior M$ member says stop using passwords completely!"
- Next in thread: Aviv Raff: "RE: [Full-Disclosure] Senior M$ member says stop using passwords completely!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Tim <tim-security@sentinelchicken.org> Date: Wed, 20 Oct 2004 10:45:41 -0700
On 16 Oct 2004, at 07:46, Tim wrote:
> "Pre-computation attacks are a somewhat new and interesting phenomenon
> we are starting to encounter 'in the wild' through chainsaw security
> consultants. What they do is they pre-compute all of the possible LM
> or
> NT password hashes of a given length with a given character set and
> burn
> the pre-computed password-hash-to-password-mappings to DVD. Heck they
> can even submit their request to have your password hash reversed back
> into a password using a web page someone has setup to do the job for
> you
> (sorry, not going to give out THAT URL here.) . . . for free!"
To save everyone the looking:
http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- application/pgp-signature attachment: This is a digitally signed message part
- Previous message: Andrew Farmer: "Re: [Full-Disclosure] Google Desktop Search"
- In reply to: Tim: "Re: [Full-Disclosure] Senior M$ member says stop using passwords completely!"
- Next in thread: Aviv Raff: "RE: [Full-Disclosure] Senior M$ member says stop using passwords completely!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
