| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Oct 2006 00:14:52 +0200 From: endrazine <endrazine@...il.com> To: Paul Schmehl <pauls@...allas.edu> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Putty Proxy login/password discolsure.... Paul Schmehl a écrit : > Not even that is true. You can always *access* the data. Depending > upon the type and complexity of the encryption, it may take a while to > decrypt, but once I have physical access, I have both the data and the > time to do just that. *Most* of the "encryption" schemes for things > like passwords that several times the age of the universe is a while thoo. > used to be stored in plain text (until somebody pointed it out) are > fairly trivial and easily broken. > > Even if they're not, I may be able to use the program itself to > decrypt the password and then capture it in plain text in memory. > you know you can use pretty strong encryption on Hd, right ? > Again, once you have physical access, it's game over, plain and simple. > > Paul Schmehl (pauls@...allas.edu) Regards, endrazine- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists