RE: local admin account password

From: Michael Marziani (marziani_at_oasis.com)
Date: 11/26/03

  • Next message: Marius Huse Jacobsen: "Re: local admin account password"
    To: "Eli Allen" <eallen@bcpl.net>, <focus-ms@securityfocus.com>
    Date: Wed, 26 Nov 2003 15:21:15 -0600
    
    

    It doesn't matter if the encrypted password changes once they have a single
    static copy in their hands. Now if you are saying you'll regenerate all the
    machine passwords from time to time, that makes good sense.

    -Michael

    -----Original Message-----
    From: Eli Allen [mailto:eallen@bcpl.net]
    Sent: Wednesday, November 26, 2003 3:20 PM
    To: Michael Marziani; focus-ms@securityfocus.com
    Subject: Re: local admin account password

    I was thinking of using something like PGP to encrypt the file that sits on
    the user's desktop. So this wouldn't be so easy to crack based on how long
    the RC5 encryption cracking contest has been going on. And the password
    would change every so often too.

    Eli

    ----- Original Message -----
    > Seems like a decent system other than having a copy on users' desktops. You
    > still want to limit access to the encrypted file to only those who would
    > actually have the access to use it. Keep a copy offsite or at multiple
    > offsite vaults if you are paranoid, but don't leave a copy where any user
    > could get at it, even if secured by NTFS permissions.
    >
    > Any encryption can be cracked, it's just a question of time. Worst case: A
    > user could take home their own hard drive and make a copy of it, use WinXP
    > recovery console or other NTFS read utility to bypass the permissions and
    > get access to the encrypted file, then ship it off to a corporate espionage
    > firm for cracking. You'd never know the file went missing and would be wide
    > open to attack at some point in the future.
    >
    > Just my 2 cents.
    >
    > -Michael
    >
