lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1059029419.554.36.camel@bsdbox.rue.de.eds.com>
From: daniel at eds.de (Daniel Berg)
Subject: NEW windows password encryption flaw..

Thanks for the info. I would suggest you could use the cleartext
password since most people tend to reuse their passwords, which would
maybe enable you to obtain access to other software/systems the owner of
the hash has access to....

just a quick thought ...


> Windows  uses  password  hash  in  a  same  way  as  Unix uses cleartext
> password.  ...

>  So, cracking of Windows hashes gives you nothing in fact.

-- 
Daniel Berg

++++++++++++++++++++++++++
+EDS Germany
+Security & Privacy
+email: daniel@....de
+cell: +491792287327
+http://www.bsdaddict.org
++++++++++++++++++++++++++

Disclaimer...
 
The opinions expressed in this email are personal ones, and are not
necessarily equal to the opinions of EDS Germany GmbH.
 
The information in this email is confidential and is solely intented for
the receipent of this mail. If you are not the intented receipent of this 
email plz contact the sender, and delete the mail immediately. You must 
not use, disclose, alter, distribute, copy, print or rely on any of the
given information in this email.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ