[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [dvd-discuss] Fwd: Bush taps Clarke as CyberdefenseChief
- To: dvd-discuss(at)cyber.law.harvard.edu
- Subject: Re: [dvd-discuss] Fwd: Bush taps Clarke as CyberdefenseChief
- From: Noah silva <nsilva(at)atari-source.com>
- Date: Fri, 12 Oct 2001 11:32:02 -0400 (EDT)
- In-Reply-To: <20011012091213.D8745@lemuria.org>
- Reply-To: dvd-discuss(at)cyber.law.harvard.edu
- Sender: owner-dvd-discuss(at)cyber.law.harvard.edu
> > After a bit of further research, it seems that it's stored encrypted
> > but passed through the APIs in clear.
>
> not to mention that all of M$'s encrypted password systems so far have
> been plaintext equivalent systems. that means if you have the encrypted
> string, you can pose as the user in question, without decrypting it.
> this is different from, for example, unix crypt or md5 passwords where
> knowing the encrypted string buys you nothing.
Clearly, people don't understand something here ;)
Microsoft doesn't do well because of their technical merit, they do well
because of their marketing and consumer ignorence. If they use even
Xoring every byte of a file with 127, they can claim "encryption" and
market it as that. Obviously their goal isn't to actually be very secure,
just to be able to claim they are to increase sales.
-- noah silva