Re: Plain text password for Microsoft (icwip.dun)
From: Knud Erik Højgaard (kain@egotrip.dk)Date: 07/09/02
- Previous message: B.K. DeLong: "Black Hat Briefings Keynotes Include NSA Director and Special Advis. to Bush"
- In reply to: Steven Jones: "Plain text password for Microsoft (icwip.dun)"
- Next in thread: Roland Postle: "Re: Plain text password for Microsoft (icwip.dun)"
- Reply: Roland Postle: "Re: Plain text password for Microsoft (icwip.dun)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Knud Erik Højgaard <kain@egotrip.dk> To: <bigpoop@clara.co.uk>, <vuln-dev@securityfocus.com> Date: Tue, 9 Jul 2002 21:03:47 +0200
> Recommendations
> ---------------
> Store passwords in an encrypted form
How are you gonna accomplish this since the password has to go 'over the
wire' in plaintext? To be able to authenticate with the password you need to
be able to decrypt it.. right?
-Knud
- Previous message: B.K. DeLong: "Black Hat Briefings Keynotes Include NSA Director and Special Advis. to Bush"
- In reply to: Steven Jones: "Plain text password for Microsoft (icwip.dun)"
- Next in thread: Roland Postle: "Re: Plain text password for Microsoft (icwip.dun)"
- Reply: Roland Postle: "Re: Plain text password for Microsoft (icwip.dun)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
