Educause Security Discussion mailing list archives
Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Fri, 11 Nov 2005 11:22:13 +1300
Brian wrote:
Cracking may help with auditing, but the real problem here is access to the hashes. If someone has your accounts and password hashes, they generally have whatever access to your system those accounts have. The original password isn't needed for most access. (All Windows uses it for is to generate the hash, and then the hash is used for authentication.) If your hashes are stolen it generally doesn't matter much if your passwords are easily looked up in a rainbow table or will take years to break. I guess there are some exceptions where knowing the plaintext password can still be useful; such as situations where the same password is used on different systems, or attacks where impersonating the users actions in a application is desired.
Unless things have change recently MS protocols still hashes across the network where they are vulnerable to snooping. Yes, we all have switched networks and yes most switches can be easily bambozzeled into flooding traffic. Not to mention all those hubs lurking off the edge... The key thing here is to get rid of LM hashes. Our deadline is 31 Dec 05 at which point we turn of LM on all our Domain controllers. Would some one please correct me if I'm wrong but my perception is that UNIX MD5 hashes and NTLM (or whatever the modern incarnation is called) are safe for passwords of 7 or more mixed characters. For some reasonable definition of 'safe'. Russell Russell
Current thread:
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Chris Harrington (Nov 10)
- <Possible follow-ups>
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Jimmy Kuo (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online John Duksta (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Hull, Dave (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Chris Harrington (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Hull, Dave (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Chris Harrington (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Chris Harrington (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Brian (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Russell Fulton (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Perry, Jeff (Nov 10)