[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Mon, 15 Mar 2010 18:13:51 +0000 Rhia Knowles wrote: > On 13 March 2010 09:58, Gordon Henderson <gordon+dcglug@xxxxxxxxxx> > wrote: > > On Fri, 12 Mar 2010, Simon Waters wrote: > > > >> Gordon Henderson wrote: > >>> > >>> and it gave me the password in about 2 seconds flat. > >>> > >>> So that about wraps it up for windows passwords. > >> > >> But if this attack is only 100 times faster you've only gone from > >> minutes to seconds. If it only took minutes before it wasn't > >> exactly secure. > > > > I think their use of SSD technolgoy to store and give high-speed > > access to the database was interesting - however it means that > > cracking an entire servers's worth of passwords is fesable - in > > seconds to minutes rather than hours now. > > > > I don't actually know how the password-file is stored on a Win > > server though, but for a Samba server it's there and fairly easy to > > get. > > I know in XP its stored in a SAM file, would expect that to be the > same for all NT based Windows. After all, Security isnt as important > as fancy eyecandy so it all looks new! As far as I'm aware all *local* user account details are held on the local machine in the SAM file, and encrypted in the same manner. Grant. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html