Re: Plain text password for Microsoft (icwip.dun)

From: Knud Erik Højgaard (kainat_private)
Date: Tue Jul 09 2002 - 13:58:36 PDT

Next message: hellNbak: "Re: Plain text password for Microsoft (icwip.dun)"

Previous message: Joerg Over: "Re: hijacking TCP connections on FreeBSD"
In reply to: Roland Postle: "Re: Plain text password for Microsoft (icwip.dun)"
Next in thread: hellNbak: "Re: Plain text password for Microsoft (icwip.dun)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: "Roland Postle" <mailat_private>
Subject: Re: Plain text password for Microsoft (icwip.dun)

> 'Storing' the password in encrypted form would be quite easy to
accomplish,
> and it would at least stop the casual snooper. You could argue that the
same
> passwords /are/ encrypted when they're put in the registry, so why not in
> .ins files too? It increases the security a tad.

It protects against the casual snooper, agreed, but a determined attacker
bypasses
this.. there are numerous tools for extracting 'encrypted' dial-up passwords
etc. from
the registry.

> Anyway, for a complete solution I think we should wait for... Palladium
and
> TCPA-based modems.

You go that way, I'll go this. See you there.

-Knud

Next message: hellNbak: "Re: Plain text password for Microsoft (icwip.dun)"
Previous message: Joerg Over: "Re: hijacking TCP connections on FreeBSD"
In reply to: Roland Postle: "Re: Plain text password for Microsoft (icwip.dun)"
Next in thread: hellNbak: "Re: Plain text password for Microsoft (icwip.dun)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 09 2002 - 14:44:36 PDT