Full Disclosure: Re: What the f*** is going on?

Re: What the f*** is going on?

From: jf <jf () ownco net>
Date: Thu, 24 Feb 2011 12:11:52 -0500

this is only true for remote attackers hitting network service auth.


Mhmm, and runas, su et al couldn't benefit from this?

better to assume they've got your hashes and you're racing the
rainbows, dicts, and CUDAs for longevity...


Not that assuming you're popped/gonna get popped and acting accordingly is a horrible idea, but to make sure I'm 
understanding your debating points correctly; you're arguing that the reason you want complex passwords is to slow the 
rainbow tab les once an attacker has write access to lsass, read access to shadow, popped the pdc, et cetera?
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: What the f*** is going on?, (continued)
- Re: What the f*** is going on? Michal Zalewski (Feb 23)
- Re: What the f*** is going on? Michal Zalewski (Feb 23)
  - Re: What the f*** is going on? Chris Evans (Feb 23)
- Re: What the f*** is going on? Paul Schmehl (Feb 24)
  - Re: What the f*** is going on? jf (Feb 24)
    - Re: What the f*** is going on? coderman (Feb 24)
    - Re: What the f*** is going on? jf (Feb 24)
    - Re: What the f*** is going on? Michal Zalewski (Feb 24)
    - Re: What the f*** is going on? jf (Feb 24)
    - Re: What the f*** is going on? jf (Feb 24)
    - Re: What the f*** is going on? Valdis . Kletnieks (Feb 25)