staym@accessdata.com
Fri, 19 Jun 1998 16:36:21 -0600
I know Access is all show when it comes to security: take your
System.MDA file, run it thru the Encrypt/Decrypt utility on the file
menu (Surprise! no password prompt: the RC4 stream uses a constant key)
and do a search on 'admin': the 16 bytes following are a hash of the
password. Replace the hash, boom you're in. What I'd like to know is
if the hash is reversible (knowing MS, quite likely) or if they tried to
look like they knew what they were doing by using a variant of MD4 or
something.
The first 8 bytes of the hash depend solely on the first 8
characters of the pw, and the same for the last 8. (So you can tell if
the pw < 8 chars just by looking).
--
Mike Stay
Cryptographer / Programmer
AccessData Corp.
mailto:staym@accessdata.com
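The structural property described in the post above, as an added example that is not part of the original message: a black-box check for whether a password hash is built from independent 8-character halves and whether it reveals short passwords. `split_hash` is a constructed stand-in (truncated SHA-256 per block, zero padding assumed), not the Access algorithm, and all function names are hypothetical.

```python
import hashlib
import os

BLOCK = 8  # per the post: each 8-byte half of the hash covers 8 password chars


def split_hash(pw: bytes) -> bytes:
    """Constructed stand-in for a split design (NOT the Access algorithm):
    each 8-char block of the zero-padded password is hashed on its own."""
    padded = pw[:2 * BLOCK].ljust(2 * BLOCK, b"\0")
    return b"".join(hashlib.sha256(padded[i:i + BLOCK]).digest()[:BLOCK]
                    for i in (0, BLOCK))


def whole_hash(pw: bytes) -> bytes:
    """Contrast case: every output byte depends on the entire password."""
    return hashlib.sha256(pw).digest()[:2 * BLOCK]


def halves_independent(hash_fn, trials: int = 32) -> bool:
    """True if changing only the last 8 chars never changes the first 8
    output bytes, and changing only the first 8 never changes the last 8."""
    for _ in range(trials):
        # Three random 8-character blocks (constructed test input).
        a, b, c = (os.urandom(BLOCK).hex()[:BLOCK].encode() for _ in range(3))
        base = hash_fn(a + b)
        if hash_fn(a + c)[:BLOCK] != base[:BLOCK]:
            return False
        if hash_fn(c + b)[BLOCK:] != base[BLOCK:]:
            return False
    return True


def leaks_short_length(hash_fn) -> bool:
    """True if all passwords of at most 8 chars share one second half,
    so a stored hash alone shows that the password is short."""
    tails = {hash_fn(pw)[BLOCK:] for pw in (b"a", b"hunter2", b"8letters")}
    return len(tails) == 1


if __name__ == "__main__":
    for fn in (split_hash, whole_hash):
        print(fn.__name__, halves_independent(fn), leaks_short_length(fn))
```

A hash that passes `halves_independent` can be searched one 8-character block at a time, which is why a design review should reject it regardless of how strong the per-block function is.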