Security Basics mailing list archives

Bestcrypt brute force

From: Javier Sanchez <sjllera () ya com>
Date: Thu, 25 Nov 2004 11:39:12 +0100



Hi all,

i need to test the encryption of a bestcryt container, i thought that
some brute force test will be enough. I have found a program for win
that does exactly what im looking for but the creator website is down.
Does anyone know Bestcrypt Brute Forcer ?? And any alternative download
sites ??


Cheers

Javier Sanchez
sjllera () ya com


On Tue, 2004-11-23 at 14:18, Raphaël Rigo ML wrote:

Davide wrote:


Hi everybody. would you please give me some hints for the followin situation?
In a win-based network, a folder contains some documents
that have to be made available to company employees when
they are not in the HQ but they are in a local branch office
this is currently implemented by a FTP server (win 2kserver); the ftproot is the root dir of the documents.
the server is connected to internet:

(internet)---(router)---(firewall)---(LAN)---(server)

employees access from a remote location office using their win logon credentials (no anonym access is provided). 
The local branch office acceses internet with a dinamic IP provided by ISP. What security concerns are rised in 
this setting? Should I use a DMZ, using the server to provide FTP services and moving the ftproot folder to another 
server INSIDE the DMZ (linked to a shared folder)?
How can I overcome the problem that FTP passwords are transmitted not enchrypted? Should a VPN between HQ provide 
the panacea for these problems?

thanks in advance
davide

Hello,
The problem is that (if I understand your network correctly), everybody 
in the lan is able to sniff the passwords as they are transmitted in 
plaintext. One of the easiest ways to get more security without changing 
  your network would be to use a TLS/SSL enabled FTP servers, along with 
clients supporting this.
I am not aware of any TLS enabled FTP server for windows licensed under 
a free license but a good commercial one is Blackmoon Ftp Server.
For the clients, still on Windows, I can only recommend FileZilla 
(http://filezilla.sf.net) which is a really good FTP/SFTP Client 
licensed under the GPL.

I hope this helps.
Raphaël

Current thread:

securing an FTP service Davide (Nov 22)
- RE: securing an FTP service pingywon (Nov 23)
- Re: securing an FTP service Alessandro Bottonelli (Nov 24)
- Re: securing an FTP service Raphaël Rigo ML (Nov 24)
  - Bestcrypt brute force Javier Sanchez (Nov 25)
    - Re: Bestcrypt brute force GuidoZ (Nov 27)
- <Possible follow-ups>
- Re: securing an FTP service Davide (Nov 25)