[20164] in bugtraq
Re: Catastrophic failure of Strip password generation.
daemon@ATHENA.MIT.EDU (Andreas Heinlein)
Wed Apr 11 18:02:32 2001
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-ID: <661641.987000055@[192.168.0.11]>
Date: Wed, 11 Apr 2001 14:40:55 +0200
Reply-To: Andreas Heinlein <aheinlein@GMX.NET>
From: Andreas Heinlein <aheinlein@GMX.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010410200533.A19613@sobolev.does-not-exist.org>
--On Dienstag, 10. April 2001 20:05 Uhr +0200 Thomas Roessler
<roessler@DOES-NOT-EXIST.ORG> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
> Executive summary: If you have ever used Strip for the Palm to
> generate your passwords, change them. Change them NOW.
Hi,
I think you forgot to mention the attacker has to know you generated
the passwords with Strip...
Not likely in many cases, I think.
Bye,
Andreas
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQEVAwUBOtRQ0dep+fmEt3d7AQGMTQgAxZbbniH06Tv4WNoeEdsbPd+eoHC7rEHr
gvurNaOs7DmGtFPlU9sEfpgNgT3/JDxJ7StsuuSLALR/8OqN84BRtdbSBwuyBMIb
OCblnjObE4P0HH55OjAgQJflYpwN5cKJuUGCEb7T+LuqTREIgKFNP5xBiBJP4RPw
bFLwkhFRF/h58Q3dNMBdMghMuJsLGy6c1Y2nOl3bZODUnCER18KnfKcn1vf0lv22
tt6ta7gEm2y+u+NJ9ltcHnXXgm4MN6wTlDPbzhrf6rnhr8/hJvAvuWSwrqagoqlT
Ha+1IBBnj5F8EpaE2uB+Rf3Oiek5kwu9LE1lpG0Q/k5aQoS6r2ilEw==
=0Q9e
-----END PGP SIGNATURE-----
