[14123] in bugtraq
Re: How the password could be recover using FTP
daemon@ATHENA.MIT.EDU (Mikael Olsson)
Wed Mar 1 20:34:53 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-Id: <38BCD515.84E3A975@enternet.se>
Date: Wed, 1 Mar 2000 09:30:13 +0100
Reply-To: Mikael Olsson <mikael.olsson@ENTERNET.SE>
From: Mikael Olsson <mikael.olsson@ENTERNET.SE>
X-To: "Mark D. Miller" <mm290b@NIH.GOV>
To: BUGTRAQ@SECURITYFOCUS.COM
"Mark D. Miller" wrote:
>
> Actually, this is not an example of insecurity on a user friendly platform.
I beg to differ.
> The Voice Print Password is an alternate password method. The primary is
> the password you type in. When the voice print password is used, it uses
> the typed password to decrypt the keychain.
... and where does the typed password get stored, may I ask? Is it encrypted
somehow? In that case, how? Because the voice print certainly cannot be used
to decrypt it, as it varies too much every time you pronounce it. Encryption
is kind of funny that way, even if just one single bit is wrong, you won't be
able to decode the secret :-P
> Since everyone's voice is unique, there shouldn't be any worry as to security.
Ehm. Right.
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 VRNSKVLDSVIK
Phone: +46 (0)660 105 50 Fax: +46 (0)660 122 50
Mobile: +46 (0)70 248 00 33
WWW: http://www.enternet.se E-mail: mikael.olsson@enternet.se
