Educause Security Discussion mailing list archives
Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online
From: "Perry, Jeff" <perry () KU EDU>
Date: Thu, 10 Nov 2005 16:51:30 -0600
Would some one please correct me if I'm wrong but my perception is that
UNIX MD5 hashes and NTLM (or whatever the modern incarnation is called) are safe for passwords of 7 or more mixed characters. If by safe you mean computationally much more expensive to crack then yep they're much more safe (by many times) than LM. Cheers, Jeff Perry ------------------------------------ Jeff Perry Network Security Analyst IT Security Office, A division of Information Services The University of Kansas 1001 Sunnyside Avenue Lawrence Kansas 66045 http://www.security.ku.edu ------------------------------------ Direct Extension: 785-864-0489 IT Security Office: 785-864-9003 Email: perry () ku edu -----Original Message----- From: Russell Fulton [mailto:r.fulton () AUCKLAND AC NZ] Sent: Thursday, November 10, 2005 4:22 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Brian wrote:
Cracking may help with auditing, but the real problem here is access to the hashes. If someone has your accounts and password hashes, they
generally have whatever access to your system those accounts have. The original password isn't needed for most access. (All Windows uses
it for is to generate the hash, and then the hash is used for authentication.) If your hashes are stolen it generally doesn't matter much if your passwords are easily looked up in a rainbow table
or will
take years to break. I guess there are some exceptions where knowing
the plaintext password can still be useful; such as situations where the same password is used on different systems, or attacks where impersonating the users actions in a application is desired.
Unless things have change recently MS protocols still hashes across the network where they are vulnerable to snooping. Yes, we all have switched networks and yes most switches can be easily bambozzeled into flooding traffic. Not to mention all those hubs lurking off the edge... The key thing here is to get rid of LM hashes. Our deadline is 31 Dec 05 at which point we turn of LM on all our Domain controllers. Would some one please correct me if I'm wrong but my perception is that UNIX MD5 hashes and NTLM (or whatever the modern incarnation is called) are safe for passwords of 7 or more mixed characters. For some reasonable definition of 'safe'. Russell Russell
Current thread:
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Chris Harrington (Nov 10)
- <Possible follow-ups>
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Jimmy Kuo (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online John Duksta (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Hull, Dave (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Chris Harrington (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Hull, Dave (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Chris Harrington (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Chris Harrington (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Brian (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Russell Fulton (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Perry, Jeff (Nov 10)