On Sep 5, 2006, at 8:59 AM, Vassilis Aggelakos wrote:
> Ok that's clear but if I, as a developer of MySQL for example,
> know that root's SuperDifficultAndEncrypted password is stored at
> the registry under HKLM\MySQL\PWD\etc. or at various registry keys
> or at the 154th byte of the sample.bin file or that it is stored at
> 54th sector of the primary disk I can easily gain access to the
> system.
> The root's password is stored - encrypted somewhere in my pc if
> I know the place I can replace it with my encrypted form of a known
> password, or even worse if I can modify the checking routines it is
> really easy to do the job.
> Am I missing something obvious?

Yes. You're assuming that the password is stored in either an
unencrypted form, or in a reversibly-encrypted form. Most serious
tools use one-way encryption, meaning that there is no way to
determine the original value from the stored value. Password matching
is done by applying the same one-way algorithm to the submitted
password, and if the result is the same as the stored encrypted
value, it's a match.
Obviously, this is still prone to dictionary attacks if you use weak
passwords, but they are not discoverable otherwise.
-- Ed Leafe
-- http://leafe.com
-- http://dabodev.com
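
The store-and-compare scheme described in the reply above, as an added example that is not part of the original message or of any product named in the thread. PBKDF2-HMAC-SHA256, the record layout, the iteration count and the small wordlist are assumptions chosen for illustration; the message names no specific algorithm.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumed work factor; raise it as hardware allows

# Constructed sample wordlist standing in for a real common-password list.
COMMON_PASSWORDS = {"password", "123456", "letmein", "qwerty"}


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a storable record: algorithm$iterations$salt$digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${_b64(salt)}${_b64(digest)}"


def verify_password(password: str, record: str) -> bool:
    """Re-run the same one-way function on the submitted password and
    compare the result to the stored digest in constant time."""
    try:
        algo, iterations, salt_b64, digest_b64 = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iterations)
        )
    except ValueError:
        return False  # a malformed record never matches
    return hmac.compare_digest(candidate, expected)


def is_weak(password: str) -> bool:
    """Flag passwords that a dictionary-based guess would cover first."""
    return len(password) < 12 or password.lower() in COMMON_PASSWORDS
```

The per-password random salt means two users with the same password get different stored records, and `is_weak` is the kind of check to run when a password is set, before it is ever hashed.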