| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Oct 2006 15:33:13 -0400 From: Matthew Flaschen <matthew.flaschen@...ech.edu> To: Paul Schmehl <pauls@...allas.edu> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Putty Proxy login/password discolsure.... Obviously, with physical access and unlimited computing power there's no security. Too bad no one has unlimited computing power (and very few have the power to break readily available schemes). Matthew Flaschen Matthew Flaschen Paul Schmehl wrote: > --On Wednesday, October 25, 2006 15:18:10 -0400 Matthew Flaschen > <matthew.flaschen@...ech.edu> wrote: > >> Sorry, I shouldn't have implied that was only true of Windows. However, >> you CAN'T access encrypted data with physical drive access. >> > Not even that is true. You can always *access* the data. Depending > upon the type and complexity of the encryption, it may take a while to > decrypt, but once I have physical access, I have both the data and the > time to do just that. *Most* of the "encryption" schemes for things > like passwords that used to be stored in plain text (until somebody > pointed it out) are fairly trivial and easily broken. > > Even if they're not, I may be able to use the program itself to decrypt > the password and then capture it in plain text in memory. > > Again, once you have physical access, it's game over, plain and simple. > > Paul Schmehl (pauls@...allas.edu) > Senior Information Security Analyst > The University of Texas at Dallas > http://www.utdallas.edu/ir/security/ > > > ------------------------------------------------------------------------ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists