On Tue, 2004-03-23 at 12:00, James.Cupps@xxxxxxxxx wrote: > Ok everybody let's send our LM Hashes and email addresses to this group of > complete strangers. Sounds like a great idea. 1) It wouldn't be MY hashes: email address != LM hashes 2) They still don't have the user account name: email address != user ID 3) Which system are they from? They don't know: ID + password = host(x) |where x is undefined 4) Hashes don't need to be valid anymore: <insert witty function about password over time here> But I agree, it's probably not a good idea to send these to an untrusted party. Would make for an interesting project though: What information (except favorite color and shoe size) could you derive from a password hash... Cheers, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part