lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <430F9CBF.7040806@runawaynet.com>
Date: Fri, 26 Aug 2005 15:50:39 -0700
From: Nicholas Knight <nknight@...awaynet.com>
To: bugtraq@...urityfocus.com
Subject: Re: ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users


Nick Boyce wrote:
> Surely this is just another rehash of the same old debate that appears
> here every now and then - the conclusion will always be that stored
> passwords are inherently vulnerable.   They can be obfuscated as much
> as you like, but it only needs one successful piece of R&D to render
> the whole obfuscation scheme useless for everybody.
> 
> See 
>    http://marc.theaimsgroup.com/?t=92420089800002&r=1&w=2 
>    http://marc.theaimsgroup.com/?t=94570694700003&r=1&w=2
> for a couple of useful Bugtraq debates on this topic. 
> [both in 1999 ... was that _really_ the last time this came up ?]

Good grief. Are DOS and Win9x concepts really so burned into people's 
brains that they can't recognize the proper solution for storing data 
where other users on a system can't get to it?

These aren't the days of single-user desktop operating systems anymore, 
people. You don't need inherently insecure obfuscation techniques to 
hide data, you just have to store it where it friggin' belongs -- IN THE 
USER'S HOME DIRECTORY.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ