Archives of the TeradataForum
Message Posted: Tue, 26 Aug 2003 @ 17:10:25 GMT
| Subj: | | Re: SYSECDEFAULTS |
| |
| From: | | Anomy Anom |
<-- Anonymously Posted: Tuesday, August 26, 2003 13:04 -->
| | This makes passwords alot more crackable. | |
Doesn't this assume that you know the encryption method used by Teradata to store the passwords?
If one is going to brute force a password, then yes, having less characters to work with is a big help. But, to brute force anything,
you first need to know what algorithm to use. For example, I know that Windows NT uses the RC5 (after SP6 I believe) DES algorithm to store
its passwords. I can then brute force the password by using this algorithm and comparing it to the hashed password.
Anywho, it's all academic. Between sniffing network packets for ODBC passwords, shoulder surfing, or simply guessing; a cracker probably
would never even need to try and crack the Teradata password.
| | Does anyone know if NCR plans to beef up security. | |
Teradata could be a figurative Fort Knox, but it means nothing if the users' password is "Teradata_1" (note the 'special' character :-
))
-Anomy
| 
