Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: How the password could be recover using FTP Explorer'sregistry!
From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Wed, 1 Mar 2000 09:30:13 +0100


"Mark D. Miller" wrote:

Actually, this is not an example of insecurity on a user friendly platform.

I beg to differ.

The Voice Print Password is an alternate password method.  The primary is
the password you type in.  When the voice print password is used, it uses
the typed password to decrypt the keychain.

... and where does the typed password get stored, may I ask? Is it encrypted
somehow? In that case, how? Because the voice print certainly cannot be used
to decrypt it, as it varies too much every time you pronounce it. Encryption
is kind of funny that way, even if just one single bit is wrong, you won't be
able to decode the secret :-P

Since everyone's voice is unique, there shouldn't be any worry as to security.

Ehm. Right.

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 105 50           Fax: +46 (0)660 122 50
Mobile: +46 (0)70 248 00 33
WWW: http://www.enternet.se        E-mail: mikael.olsson () enternet se



  By Date           By Thread  

Current thread:
  • Re: How the password could be recover using FTP Explorer'sregistry! Mikael Olsson (Mar 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]