Message-ID: <43ED29DC.8030107@ultra-secure.de>
Date: Sat, 11 Feb 2006 01:03:40 +0100
From: Rainer Duffner <rainer@...ra-secure.de>
To: Solar Designer <solar@...nwall.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0


Solar Designer wrote:

>Finally, often it is preferable to not spend lots of disk space and lots
>of time and/or bandwidth to generate or download rainbow tables, -- and
>also to not reveal your password hashes to a third party (such as one of
>the online rainbow tables based cracking services).


I don't think such a move (upload hash to 3rd-party site) is covered
by any sensible pen-tester NDA (and related work).
(Though professional pentesters might have their own set of rainbow tables.)

So, this is a good reason, still.




cheers,
Rainer

