To: antiRepublicrat
Mitigation, mitigation, mitigation. That's what Windows security is all about. Got something unsecure? Turn it off or hide it. ActiveX a gaping security hole? Turn it off. Cached passwords a gaping security hole? Turn it off too. If we're turning every feature off because it's a security risk, then why would a security-conscious company include them in the first place?
So what. Password-salting is a mitigation against crackers, as well. It doesn't prevent cracking. All vendors try to mitigate weaknesses. So, tell us, given a Windows box with EFS installed and 14+ character passwords, how long is it going to take you to crack the passwords?
570 posted on 09/01/2005 10:43:24 AM PDT by Bush2000 (Linux -- You Get What You Pay For ... (tm)
To: Bush2000
So what. Password-salting is a mitigation against crackers, as well.
Salting is a simple common practice in cryptography that was in place long before Microsoft made NT. Microsoft's inability to follow common practice simply resulted in another weak link in the security chain.
So, tell us, given a Windows box with EFS installed and 14+ character passwords, how long is it going to take you to crack the passwords?
Okay, exactly how many systems out there does that apply to? I've already told you what Rainbow Crack can crack, and it applies to all but a tiny fraction of home, corporate and government Windows systems out there. That is a security problem.
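The salting point argued in the two posts above, as an added example that is not part of either post: a table computed once matches every account in an unsalted store, while per-account salts leave the same table with no hits. SHA-256 stands in for a fast unsalted hash (an assumption, not the NT algorithm), and the account names, passwords and guess list are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample data; two accounts share a password on purpose.
ACCOUNTS = {"alice": "Summer2005", "bob": "Summer2005", "carol": "tr0ub4dor"}
CANDIDATES = ["password", "Summer2005", "letmein", "tr0ub4dor"]

def unsalted(password):
    # Stand-in for any fast unsalted hash (assumption, see lead-in).
    return hashlib.sha256(password.encode()).hexdigest()

def salted(password, salt, rounds=100_000):
    # Per-account salt plus a slow key-derivation function.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()

def build_table(candidates):
    # Computed once, reusable against every store that uses the same unsalted hash.
    return {unsalted(c): c for c in candidates}

def table_hits(stored, table):
    # Accounts whose stored digest appears in the precomputed table.
    return {user: table[h] for user, h in stored.items() if h in table}

def make_unsalted_store(accounts):
    return {u: unsalted(p) for u, p in accounts.items()}

def make_salted_store(accounts):
    store = {}
    for user, password in accounts.items():
        salt = os.urandom(16)  # fresh random salt for each account
        store[user] = (salt, salted(password, salt))
    return store

def verify(store, user, password):
    # Login check: recompute with the stored salt, compare in constant time.
    salt, digest = store[user]
    return hmac.compare_digest(digest, salted(password, salt))

def shared_hashes(stored):
    # Audit check: identical digests across accounts indicate an unsalted store.
    groups = {}
    for user, h in stored.items():
        groups.setdefault(h, []).append(user)
    return [users for users in groups.values() if len(users) > 1]
```

`shared_hashes` doubles as a quick audit of an existing credential dump: any group it returns means the store is unsalted.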