Posted on 08/26/2005 6:31:03 PM PDT by Bush2000
If it doesn't matter, then do you have any idea why *NIX dumped Crypt()? It's called security in layers, and Microsoft just lost one of its layers.
Using a sufficiently strong salt/password is no more unbreakable than using a sufficiently strong Windows password.
... which would have to be much longer than is common practice in the industry, meaning most Windows computers today are vulnerable.
Or here's another challenge. Give a cracker a statistically meaningful sampling of 1,000 Windows boxes (latest version, fully patched) across the world and one of 1,000 modern *NIX boxes. He has a generous six months and several high-speed PCs (say nice, fat quad Opterons) to complete the cracking. How many Windows boxes do you think he'll get the passwords from? How many *NIX boxes?
My guess: he'll get maybe a couple *NIX passwords, and most of the passwords from all but a few of the Windows boxes.
Of course, my challenge actually makes it more probable that a *NIX password can be broken. Since it involves possibly tens of thousands of passwords, he can improve his odds by picking the one salt that repeats most throughout the collection (a couple repeats if you're really lucky) and building a table for that salt. Then he can run the table against just those few passwords. Otherwise, he'll be spending his computing resources breaking them one at a time.
But your challenge does sound interesting. I say use Advanced EFS Data Recovery from Elcomsoft (the same guys who broke PDF protection) to get around the EFS, then use Rainbow Crack on the passwords.
Look, you obviously don't know how long it would take to crack a Windows box running EFS and strong passwords, so I'm not going into yet more hypotheticals. Either address my question or admit you don't know.
Ready for another "schoolin"?
You know we were talking about user experience, so you switched from Linux to Mac. But since you now say all modern *NIX...ok. Take this bet then. Windows is more useable by the average person (from install to daily ops). We give a copy of linux to any 5 typical users and a copy of Windows to the same users. We ask them to do several common tasks. I bet the windows platform has them completed quicker on average than the linux platform. Is that a bet or were you just talking out your rear-end again?
I think I'll have to end this discussion (if you can call it that). Your statement is stupid and either purposely ignores my previous posts or you're really not able to converse on the same level.
Passwords have increased in length over time. Salting allows you to keep the same password requirements while making it harder to crack the password (not impossible, but harder) without requiring the user to change his password. I typed it earlier and explained this in detail several times. If you're too obtuse to understand that, we can't continue this dialogue.
It's a waste of time to talk to antiRepublicrat. He argues in circles and will admit to nothing. Even when proven (via links) wrong he'll just change topics and extend the point to something else. He's just upset that Linux's one user experience that's better than windows is that it doesn't require as long of a password for the same level of password protection. Oh ya, he didn't realize that's what salting was early on, so he made it out like it was something it wasn't and is now trying to save face by arguing meaningless items (and changing between OS's to make points).
Even his fellow OSS guys have left him alone on this thread because they don't want to be embarrassed by association.
My *NIX comments were about passwords, since they all use the same password system. Usability varies greatly between *NIX systems. But in your case the outcome would depend on whether these are previous Windows users, what distro you use, and whether you choose to use the Windows-like GUIs in Linux. Yes, they look just about like Windows. You could always adjust your competition so you win.
The outcome against Mac just wouldn't be fair. Install an application? Let's take MS Office. I can either go through that long install process with Windows, or I can just drop it from the DVD onto my hard drive with OS X.
You really are out of it on security aren't you? You expect users to keep passwords forever? Hell no, you force a password change at most every 45 days. Perfect time to implement the new password system using the current password policy to ...
... and here's the concept that's hard for Microsofties to grasp
... wait for it ...
... knowledge of the concept is worth your time ...
... get better security!
Microsoft is in the security hell-hole it is now because of thinking like yours that says everything is done in the interests of making things easier for the user with no thought to security.
Pot calling kettle. This simply started with me saying Windows passwords can be cracked, and that I could easily crack the ones on my box with existing technology. You and Bush then took this conversation all over the place into usability and various other security practices.
You as a lover of all things Microsoft just couldn't admit that all but an extremely tiny percentage of Windows passwords in use today can be easily cracked.
He's just upset that Linux's one user experience that's better than windows is that it doesn't require as long of a password
As I said, only a Microsoftie would take a salt to mean that he can now use a shorter password. The rest of the world takes it to mean that good passwords are now unbreakable in any practical sense. Security just isn't in the Microsoft-led mind.
Oh ya, he didn't realize that's what salting was early on,
You didn't even know what salting was early on, so just quit.
Even his fellow OSS guys have left him alone on this thread because they don't want to be embarrassed by association.
I don't think any of them have the patience that I do. Which has now run out.
Let's just see what YOUR comments were...post 557: If you or q want to go on user experience, we can talk right now because OS X has stronger passwords and a better user experience. What's that User Experience mixed in there for if you're ONLY talking about passwords? Oh that's right, you're just talking in circles and mixing arguments to try and quilt together some type of point based on all the yarn you've been spinning.
There you go again mixing OS's to suit your needs. So by your switching, I take it Linux would lose the bet. Thank you for your confirmation of what I already knew. I know you'll never admit a single thing about Linux being inferior in any way, so I'll take this as affirmation of my point.
BTW: I already said if you combine the best features of Unix, Linux, OS X, and Solaris, you'd have a competitive OS versus windows.
So linux improving security to allow users to have an 8 character password instead of a 15 isn't improving the user experience? Wow, I never thought you'd give up the one user experience that Linux had over Windows, but I'll take it--even though I don't agree with it.
It doesn't work. Or rather, it works, as long as SYSKEY hasn't been used to move the ADK out of the registry. If it has, save your money - Elcom can't help.
Again, you think only ease for the user, not security. This should be known as the Microsoft Syndrome. "Oooh, this ActiveX idea would be cool and the users will like it. [later] Oh crap, it's one giant gaping security hole!"
I remember the days when I could truthfully tell people it's impossible to get a virus by opening an email, that what they got was just a hoax. Microsoft ended that.
Wow, I never thought you'd give up the one user experience that Linux had over Windows
In case you haven't noticed, I don't exactly love Linux. I like that it's good for certain things, that it can be modified without the need for obtaining licenses, and that it can be a big cost saver in various scenarios. But that's it. I have no real interest in the cult surrounding it. I only care as much as what it can do for me.
Right. The scope of this discussion is operating systems that have more secure password systems than Windows. That means every modern *NIX. You want one more usable, choose OS X. You want one free that you can modify at the cost of usability, choose Linux. You want to pay a bundle but need the performance and stability, choose AIX. You're an idiot, choose SCO OpenServer 6.
I know you'll never admit a single thing about Linux being inferior in any way
No, I know you'll never admit Windows is inferior in any way. I've already stated that Linux is not ready for the general desktop. Now you try it for Windows.
You might want to look back to your post 547 and notice it's in a reply to you mentioning user experience. You brought it in. Not me. You have a very short memory.
Yes, you replied then I replied and you changed and said this is only in regards to passwords. geesh.
This is like talking to a 4 year old.