Full Disclosure mailing list archives
Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords
From: Darren Reed <avalon () caligula anu edu au>
Date: Thu, 5 Jun 2003 13:46:25 +1000 (Australia/ACT)
In some mail from tido () hushmail com, sie said:
Unless I am missing something, the addition of a "hard-key" would not be any better than a stored password. If you authorize the machine, or a piece of hardware plugged into the machine does not make a difference. What keeps another process/user/root/admin from requesting the password/authorization from the hard-key? (possibly a password that has to be entered by an admin? and the cycle continues)
Ideally what you do is give the encrypted contents to the external device that has the secret key in its memory, protected from the computer and get returned decrypted contents. Like, for example, the USB Rainbow iKey device I have. When used with old versions of Netscape, encrypted email etc., is all handled by the dongle, not the computer. This is generally not suitable for HTTPS, but instead you can apply network connected web accelerators.

However none of this has anything to do with validating the authenticity of a user. As someone mentioned, use a one way hash function with a seed for this.

Darren

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
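
The seeded one-way hash suggested at the end of the message above, as an added example that is not part of the original post or of IRCXpro. It uses PBKDF2-HMAC-SHA256 from Python's standard library as the one-way function; the record format, iteration count and sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor for this example


def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Build the stored record 'iterations$seed_hex$hash_hex'.

    Only the seed (salt) and the one-way hash are kept; the password is not.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the hash with the stored seed and compare in constant time."""
    try:
        iterations, salt_hex, hash_hex = record.split("$")
        rounds = int(iterations)
        if rounds < 1:
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    except (ValueError, OverflowError):
        return False  # malformed or tampered record: fail closed
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample: two admins who happen to choose the same password.
    a = make_record("constructed-admin-pw")
    b = make_record("constructed-admin-pw")
    print(a != b)                                # different seeds, different records
    print(verify("constructed-admin-pw", a))     # correct password accepted
    print(verify("wrong-guess", a))              # wrong password rejected
```

Someone who reads the stored file gets only seeds and hashes, and the per-record seed means identical passwords do not produce identical records.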