It's not all doom-and-gloom. Someone still needs to *get* the hashes somehow. So they need the ability to dump something from your authentication stores (AD? Proprietary database? LDAP store), which may or may not be in NTLM. If they are able to do that, then you already have significant problems.
Or, they need to capture them across the wire: but if your application uses TLS/SSL, or IPSec, or some other proprietary encryption mechanism for exchanging credentials, or Kerberos, or... then again, you have a degree of protection. Breaking into a well-designed network isn't necessarily hard. But it isn't as easy as throwing lots of CPU cycles at it either.

Cheers
Ken

-----Original Message-----
From: Kurt Buff [mailto:[email protected]]
Sent: Friday, 25 May 2012 8:35 AM
To: NT System Admin Issues
Subject: Re: Passphrases vs. password

On Thu, May 24, 2012 at 2:45 PM, Ben Scott <[email protected]> wrote:
> On Thu, May 24, 2012 at 5:17 PM, Jeff Steward <[email protected]> wrote:
>> http://www.lockdown.co.uk/?pg=combi#Classes
>> See the note on the bottom of the page if you want your mind blown.
>
> And note that the page is dated July 2009. If we blindly assume for
> the sake of discussion that computing power doubles every 18 months,
> we can multiply every speed given by roughly five.
>
> I also wonder if the latest crop of GPU/math coprocessor hardware
> could be adapted to this purpose.

Buy a few cycles from Amazon - it's probably cheaper.

But yes, I believe that this has been done.

Kurt
