×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
Except the customers who didn't use passwords found in the dictionary. If
the person was able to break the file's encryption they would have access
to everything.
I agree they are both bad,
I was just agreeing with person who said they are not equal.
From:
"Walden H. Leverich" <WaldenL@xxxxxxxxxxxxxxx>
To:
"Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Date:
06/22/2009 03:32 PM
Subject:
RE: AS400 Automatic Sending of New Password?
Sent by:
midrange-l-bounces@xxxxxxxxxxxx
You have effectively decrypted some those words, but have not broke
the encryption.
Your own use of the word 'decrypted' shows there's really no difference.
Whether you get the password by mathematically breaking the encryption,
by a brute-force dictionary attack, by dumpster diving, or via social
engineering (asking the user for the password -- actually works quite
well) the result is the same, you now have access to the system. While
the distinction may be one your PhD thesis advisor appreciates, your
customers whose credit-cards are now compromised, the press, and your
auditors are much less likely to care about the difference. :-)
-Walden
As an Amazon Associate we earn from qualifying purchases.