| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEw2jfx_-sj2gbQAKMhKAYkuEefXeBuc3zAJuSUFbyRkBc23+A@mail.gmail.com>
Date: Tue, 19 Feb 2013 01:50:00 +0100
From: Patrick Mylund Nielsen <patrick@...rickmylund.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Any "large verifiers" on the panel?
>> That attackers are compromising servers and sniffing passwords over the
>> wire, waiting for re-authentications, rather than just grabbing the
>> database.
> Both of these things (and many others) are happening. It is non-obvious which
is more common.
My bad for speaking in absolutes. Of course nothing is. Can we agree that a
COPY TO STDOUT of a users table does more damage (and is easier to perform)
with less risk of being caught/stopped in time than does network MITM, and
that based on virtually all of the compromises that have become
(semi-)public, assuming that the former is the more common isn't completely
unreasonable?
On Tue, Feb 19, 2013 at 1:19 AM, Solar Designer <solar@...nwall.com> wrote:
> On Tue, Feb 19, 2013 at 12:38:31AM +0100, Patrick Mylund Nielsen wrote:
> > That attackers are compromising servers and sniffing passwords over the
> > wire, waiting for re-authentications, rather than just grabbing the
> > database.
>
> Both of these things (and many others) are happening. It is non-obvious
> which is more common.
>
> Alexander
>
Content of type "text/html" skipped
Powered by blists - more mailing lists