[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Senior M$ member says stop using passwords completely!

To: Tim <tim-security@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Senior M$ member says stop using passwords completely!
From: Andrew Farmer <andfarm@xxxxxxxxxxxx>
Date: Wed, 20 Oct 2004 10:45:41 -0700

On 16 Oct 2004, at 07:46, Tim wrote:

"Pre-computation attacks are a somewhat new and interesting phenomenon we are starting to encounter 'in the wild' through chainsaw security consultants. What they do is they pre-compute all of the possible LM or NT password hashes of a given length with a given character set and burn the pre-computed password-hash-to-password-mappings to DVD. Heck they can even submit their request to have your password hash reversed back into a password using a web page someone has setup to do the job for you (sorry, not going to give out THAT URL here.) . . . for free!"

To save everyone the looking:

http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/

Attachment: PGP.sig
Description: This is a digitally signed message part

References:
- [Full-Disclosure] Senior M$ member says stop using passwords completely!
  - From: RandallM
- Re: [Full-Disclosure] Senior M$ member says stop using passwords completely!
  - From: Tim

Prev by Date: Re: [Full-Disclosure] Senior M$ member says stop using passwords completely!
Next by Date: Re: [Full-Disclosure] interesting trojan found
Previous by thread: Re: [Full-Disclosure] Senior M$ member says stop using passwords completely!
Next by thread: Re: [Full-Disclosure] Senior M$ member says stop using passwords completely!
Index(es):
- Date
- Thread