Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: Re: Senior M$ member says stop using passwords completely!

Re: Senior M$ member says stop using passwords completely!

From: Andrew Farmer <andfarm_at_teknovis.com>
Date: Wed, 20 Oct 2004 10:45:41 -0700

On 16 Oct 2004, at 07:46, Tim wrote:
> "Pre-computation attacks are a somewhat new and interesting phenomenon
> we are starting to encounter 'in the wild' through chainsaw security
> consultants. What they do is they pre-compute all of the possible LM
> or
> NT password hashes of a given length with a given character set and
> burn
> the pre-computed password-hash-to-password-mappings to DVD. Heck they
> can even submit their request to have your password hash reversed back
> into a password using a web page someone has setup to do the job for
> you
> (sorry, not going to give out THAT URL here.) . . . for free!"

To save everyone the looking:

http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Received on Oct 20 2004
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]