Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: Microsoft Password Encryption

Hash: SHA1

__/ [Peter Jensen] on Friday 16 September 2005 14:38 \__

> Roy Schestowitz wrote:
>> Speaking of which...
>> http://www.eweek.com/article2/0,1759,1859751,00.asp
> | Using vulnerable encryption algorithms could expose sensitive data in
> | Microsoft systems. But attacks on those algorithms are still unlikely,
> | given other, easier to exploit holes in the software, Schneier said.
> |
> | "There's just so much that's worse," he said of the other security
> | holes.
> Yeah, that just about sums up my opinion of this move by MS.  Focus on
> the theoretical vulnerabilities *after* you fix the fundamental and very
> real vulnerabilities!

That's a good point, which I failed to notice beforehand. They at least show
that they try hard, e.g. by catching up with encryption algorithms that
have been used in PGP for quite some time.

Authentication in Windows has been dodgy for a variety of other reasons, the
main one being that you rarely need to authenticate successfully in the
first place. Look at all of these machine that get hijacked...


- -- 
Roy S. Schestowitz      | "In hell, treason is the work of angels"
http://Schestowitz.com  |    SuSE Linux    |     PGP-Key: 74572E8E
  2:40pm  up 22 days  2:54,  3 users,  load average: 0.77, 0.56, 0.36
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)


[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index