RE: Problems with my password.

Sun, 04 Feb 2001 14:07:58 -0800 

Answers below...


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Scott C. Best
Sent: Sunday, 04 February 2001 19:40
To: [EMAIL PROTECTED]
Subject: Re: Problems with my password.


Graham:

        Heya. Let me just be sure I heard you:

> Well, see James' comment. If you can see it over the network, you can
> run regedt32 against it. IIRC, though, the password is encrypted in the
> registry anyway (And VNC does not allow blank passwords, so simply
> deleting it is out) - so you have to crack that, first.

        Forgive my lack of Windoze tech-savvy here, but...is this
a feature or a bug? :)

[GD] I think it's a feature. As Wez says, you should not be able to get to
the registry unless you have a valid user account on that machine and the
necessary priveledges.

 And...is regedt32 TCP based over some specific
port that my firewall should be especially cautious about?

[GD] I actually don't know, to tell you the truth. This was the first I
heard of it. I was always under the impression it used NetBIOS only. :)

 And, lastly,
is it read/write, so I could cut&paste my password's ciphertext hex
into the registry and they have my way with it?

[GD] Yes - again, provided you have the necessary priveledges and so on.

        I'm thinking that once you have the ciphertext, it's
pretty easy to plug it into a password guesser like Crack. I've
had, errr, *heard about* people having great luck guessing
passwords with it.

[GD] Well, since the source code is freely available, anybody with some C
knowledge can have a look and get in. As Wez said the encryption is only so
that the password is not displayed to prying eyes while you're working in
the registry. I, personally, am a VB man, and have no inclination whatsoever
to become a C man - I HATE CASE SENSITIVITY! Always have, always will. There
are no words strong enough to describe my feelings against case sensitivity.
:)
tia,
Scott
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------

Reply via email to