Hello people The discussion on Notes ID bring something to my mind. Some time ago people of Trust Factory showed a tool named 'sesame' to brute force/dictionary attack of hashed Notes HTTP passwords in a Black Hat convention. The algorythm used is a variant of RSA MD4 (without salt, so each password gives only 1 hash). People of Trust Factory didn't release sesame to the public. Is there any other tool to attack those passwords? I take into account the fact that people tends to use the same password in many places, Notes HTTP password, Notes login, net login, etc. All tools I know are able to attack standard MD4 with salt, not the Notes variant. Best regards, Miguel Dilaj ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Nov 20 2001 - 13:43:57 PST