Educause Security Discussion mailing list archives
Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online
From: Brian <bkd () LOUISIANA EDU>
Date: Thu, 10 Nov 2005 15:22:46 -0600
Cracking may help with auditing, but the real problem here is access to the hashes. If someone has your accounts and password hashes, they generally have whatever access to your system those accounts have. The original password isn't needed for most access. (All Windows uses it for is to generate the hash, and then the hash is used for authentication.) If your hashes are stolen it generally doesn't matter much if your passwords are easily looked up in a rainbow table or will take years to break. I guess there are some exceptions where knowing the plaintext password can still be useful; such as situations where the same password is used on different systems, or attacks where impersonating the users actions in a application is desired. Brian For $24.95, you can submit 100 password hashes and have returned to you the passwords that will hash to the same value.
Current thread:
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Chris Harrington (Nov 10)
- <Possible follow-ups>
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Jimmy Kuo (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online John Duksta (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Hull, Dave (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Chris Harrington (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Hull, Dave (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Chris Harrington (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Chris Harrington (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Brian (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Russell Fulton (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Perry, Jeff (Nov 10)