Re: John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0

To: Solar Designer <solar@xxxxxxxxxxxx>
Subject: Re: John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0
From: Rainer Duffner <rainer@xxxxxxxxxxxxxxx>
Date: Sat, 11 Feb 2006 01:03:40 +0100
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20060209223904.GA22322@xxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <3CD2141A07CCC6448D1C4F1832118F1E799FA5@xxxxxxxxxxxxxxxxxx> <20060209223904.GA22322@xxxxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.0.6 (X11/20051013)

Solar Designer wrote:


Finally, often it is preferable to not spend lots of disk space and lots
of time and/or bandwidth to generate or download rainbow tables, -- and
also to not reveal your password hashes to a third party (such as one of
the online rainbow tables based cracking services).

I don't think such a move (upload hash to 3rd-party site) is coveredwith any sensible pen-tester NDA (and related work).

(Though professional pentesters might have their own set of rainbow-tables)

So, this is a good reason, still.




cheers,
Rainer

References:
- RE: John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0
  - From: Amin Tora
- Re: John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0
  - From: Solar Designer

Prev by Date: XMB Forums Multiple Vulnerabilities
Next by Date: [eVuln] My Blog BBCode XSS Vulnerabilities
Previous by thread: Re: John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0
Next by thread: Re: John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0
Index(es):
- Date
- Thread