lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6C132B0A14EEDED8922119F1@utd59514.utdallas.edu>
Date: Wed, 25 Oct 2006 14:20:10 -0500
From: Paul Schmehl <pauls@...allas.edu>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Putty Proxy login/password discolsure....

--On Wednesday, October 25, 2006 15:18:10 -0400 Matthew Flaschen 
<matthew.flaschen@...ech.edu> wrote:

> Sorry, I shouldn't have implied that was only true of Windows.  However,
> you CAN'T access encrypted data with physical drive access.
>
Not even that is true.  You can always *access* the data.  Depending upon 
the type and complexity of the encryption, it may take a while to decrypt, 
but once I have physical access, I have both the data and the time to do 
just that.  *Most* of the "encryption" schemes for things like passwords 
that used to be stored in plain text (until somebody pointed it out) are 
fairly trivial and easily broken.

Even if they're not, I may be able to use the program itself to decrypt the 
password and then capture it in plain text in memory.

Again, once you have physical access, it's game over, plain and simple.

Paul Schmehl (pauls@...allas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

Content of type "application/pkcs7-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ