Full Disclosure mailing list archives
Re: What the f*** is going on?
From: jf <jf () ownco net>
Date: Thu, 24 Feb 2011 12:11:52 -0500
this is only true for remote attackers hitting network service auth.
Mhmm, and runas, su et al couldn't benefit from this?
better to assume they've got your hashes and you're racing the rainbows, dicts, and CUDAs for longevity...
Not that assuming you're popped/gonna get popped and acting accordingly is a horrible idea, but to make sure I'm understanding your debating points correctly; you're arguing that the reason you want complex passwords is to slow the rainbow tab les once an attacker has write access to lsass, read access to shadow, popped the pdc, et cetera? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: What the f*** is going on?, (continued)
- Re: What the f*** is going on? Michal Zalewski (Feb 22)
- Re: What the f*** is going on? jf (Feb 22)
- Re: What the f*** is going on? coderman (Feb 22)
- Re: What the f*** is going on? jf (Feb 22)
- Re: What the f*** is going on? Chris Evans (Feb 22)
- Re: What the f*** is going on? jf (Feb 24)
- Re: What the f*** is going on? coderman (Feb 24)
- Re: What the f*** is going on? jf (Feb 24)
- Re: What the f*** is going on? Michal Zalewski (Feb 24)
- Re: What the f*** is going on? jf (Feb 24)
- Re: What the f*** is going on? jf (Feb 24)