Vulnerability Development mailing list archives
Re: Plain text password for Microsoft (icwip.dun)
From: "Roland Postle" <mail () blazde co uk>
Date: Tue, 9 Jul 2002 21:38:12 +0100
Recommendations --------------- Store passwords in an encrypted formHow are you gonna accomplish this since the password has to go 'over the wire' in plaintext? To be able to authenticate with the password you need
to
be able to decrypt it.. right?
'Storing' the password in encrypted form would be quite easy to accomplish, and it would at least stop the casual snooper. You could argue that the same passwords /are/ encrypted when they're put in the registry, so why not in .ins files too? It increases the security a tad. Anyway, for a complete solution I think we should wait for... Palladium and TCPA-based modems. - Blazde
Current thread:
- Plain text password for Microsoft (icwip.dun) Steven Jones (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Roland Postle (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Knud Erik Højgaard (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Roland Postle (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Knud Erik Højgaard (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) hellNbak (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Valdis . Kletnieks (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) hellNbak (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Blue Boar (Jul 09)
- Palladium dullien (Jul 10)
- Malicious COM Surrogates Jason Coombs (Jul 29)
- Re: Plain text password for Microsoft (icwip.dun) Roland Postle (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Joerg Mayer (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Juan M. Courcoul (Jul 10)
- Re: Plain text password for Microsoft (icwip.dun) Deus, Attonbitus (Jul 10)