RE: local admin account password
From: Michael Marziani (marziani oasis.com)
Date: Wed Nov 26 2003 - 15:21:15 CST
It doesn't matter if the encrypted password changes once they have a single
static copy in their hands. Now if you are saying you'll regenerate all the
machine passwords from time to time, that makes good sense.
-Michael
-----Original Message-----
From: Eli Allen [mailto:eallen bcpl.net]
Sent: Wednesday, November 26, 2003 3:20 PM
To: Michael Marziani; focus-ms securityfocus.com
Subject: Re: local admin account password
I was thinking of using something like PGP to encrypt the file that sits on
the user's desktop. So this wouldn't be so easy to crack based on how long
the RC5 encryption cracking contest has been going on. And the password
would change every so often too.
Eli
----- Original Message -----
> Seems like a decent system other than having a copy on users' desktops. You
> still want to limit access to the encrypted file to only those who would
> actually have the access to use it. Keep a copy offsite or at multiple
> offsite vaults if you are paranoid, but don't leave a copy where any user
> could get at it, even if secured by NTFS permissions.
>
> Any encryption can be cracked, it's just a question of time. Worst case: A
> user could take home their own hard drive and make a copy of it, use winxp
> recovery console or other ntfs read utility to bypass the permissions and
> get access to the encrypted file, then ship it off to a corporate espionage
> firm for cracking. You'd never know the file went missing and would be wide
> open to attack at some point in the future.
>
> Just my 2 cents.
>
> -Michael
>