Re: obtain user's password?
From: Keith W. McCammon (km_at_km.com)
Date: 06/02/03
- Next message: Aleksey Tchekmarev: "Re: URGENT! Legacy clients logon and connection unstable problem"
- Previous message: Pat: "security"
- In reply to: Don Grover: "Re: obtain user's password?"
- Next in thread: Don Grover: "Re: obtain user's password?"
- Reply: Don Grover: "Re: obtain user's password?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 2 Jun 2003 08:58:30 -0400
> I have yet to see an application that can return an actual valid password
> that a user has used.
L0phtcrack.
> I wont go into how these cracking apps work with passwords , but they
> certainly don't return an actual password....
Sure they do. It's a hybrid brute-force/dictionary attack. The app just
keeps guessing until a match is returned.
> I have been asked to supply passwords to an owner of a company and the
only
> way I would do it was have hime sign a waiver on security on all the
people
> he held passwords for.
> Imagine if one of those passwords was used by an accountant for online
> banking etc, you can imagine what trouble there would be if it got out...
Yep. Managing passwords is a generally awful idea, unless there are *very*
good reasons for doing so, and *very* strict controls (i.e., the nuclear
football :)...
- Next message: Aleksey Tchekmarev: "Re: URGENT! Legacy clients logon and connection unstable problem"
- Previous message: Pat: "security"
- In reply to: Don Grover: "Re: obtain user's password?"
- Next in thread: Don Grover: "Re: obtain user's password?"
- Reply: Don Grover: "Re: obtain user's password?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
