Hello Nicolas, Friday, October 18, 2002, 5:14:25 PM, you wrote: NG> From http://www.cqure.net/tools04.html : NG> IPR is a tool for recovering passwords on Lotus Notes ID files. NG> It does this by guessing passwords you supply in a dictionary NG> file. It guesses approximately 400-500 passwords a second on a NG> PIII 1Ghz. Well, well, well. I go and say I've never seen such a tool, and when I send/receive my email I find someone just gives me one. I'd like to state, for the record, that I've never had a stranger give me 20 million pounds for no apparent reason. (Hey, can't blame a guy for trying! *grins*) You'll need a dictionary file for this - I recommend Moby, available here: http://www.dcs.shef.ac.uk/research/ilash/Moby/ There's plenty of words in there, but I'm sure others have their own recommendations. As a side note, this appears to work by brute-force through the Notes C API. Even minor obfuscation of a password - such as adding a letter to the end of it - would make a dictionary usless. Unless you want to create a dictionary with every possible combination in it, that is... Still, it's interesting to see that. As a Domino professional, it verifies to me that the password is hashed and stored, and that there is no way to get it except via the Lotus/BSAFE API's. Most interesting... -- Best regards, Philip mailto:philat_private
This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 10:08:36 PDT