<br><br>---------- Forwarded message ----------<br><span class="gmail_quote">From: <b class="gmail_sendername">T Biehn</b> <<a href="mailto:tbiehn@gmail.com">tbiehn@gmail.com</a>><br>Date: Jan 8, 2007 3:06 PM<br>Subject: Re: [Full-disclosure] Flog
1.1.2 Remote Admin Password Disclosure<br>To: endrazine <<a href="mailto:endrazine@gmail.com">endrazine@gmail.com</a>><br><br></span>How are you guys still arguing about this?<br>It wasn't even a troll.<br><br>It's called a one-way-hash for a reason.
<br><br>Oh and if someone comes out with quantum computers tomorrow we could factor RSA, so we better start putting out SSL advisories.
<br><br>Slippery slope indeed.<div><span class="e" id="q_110035163e60c973_1"><br><br><div><span class="gmail_quote">On 1/8/07, <b class="gmail_sendername">endrazine</b> <<a href="mailto:endrazine@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
endrazine@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
typos :<br><br>endrazine a écrit :<br>> Here again, I agree. Now, if one needs to exhaustively try every<br>> possible 32b hashes with the largest possible charset (or even bigger hashes<br>> with a smaller - like those alphanumerical keys you just mentionned), to
<br>> break a password hash, the it's not a "*BIG*" security issue like<br>> mentionned earlier imho.<br>><br>s/hashes/passwords/ indeed<br><br>Cheers,<br><br>endrazine-<br><br>_______________________________________________
<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://lists.grok.org.uk/full-disclosure-charter.html
</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://secunia.com/</a><br></blockquote></div><br>
</span></div>