On Mon, Mar 27, 2017 at 2:06 PM, Carlos E. R. <robin.listas@telefonica.net> wrote:
> On 2017-03-27 19:59, Greg Freemyer wrote:
>> On Mon, Mar 27, 2017 at 1:56 PM, Carlos E. R. <> wrote:
>>> I'll try. Mind, these posts are from the year 2000, so the interest today is scarce. But I still wish to do it, see what is/was there. Now, I'll have to remember where the backup is.
>>
>> I seriously doubt MS was actually encrypting the PST back in 2000. And even if they did, all that era's encryption is easy to break now if you really care.
>>
>> Often you can just send the first KB or 2 of an encrypted file to a service and they will send back the password. Often at no fee.
>
> Oh...!

You know about rainbow tables, right? If so, in the pre-2005 or so era the universe of passwords was typically small enough that a full set of rainbow tables fit on a DVD. And MS hadn't started routinely using SALT yet.

Last I knew there were various websites that allowed you to send in the first part of an encrypted file. It would pull the encrypted password out of that fragment, then do a reverse password look-up with a rainbow table. What you got back may not have been your actual password, but it was a password that would hash down to the same thing as your real password, and thus could be used to decrypt the file (PST).

== after a quick Google re: Outlook 2003

---
An experiment has shown that on average it takes about a minute to recover an Outlook hash password using the brute force attack. However, the crypto analysis of CRC32 has revealed that the algorithm is completely reversible for short passwords (up to 4 characters) and partially reversible for all others. That means, one can recover the original password or its CRC32 equivalent password, that will be indistinguishable for Outlook, almost instantly. It has been proven that it requires not more than 7 characters to pick a collision (password with the same checksum as the original password).
---

So at that time, it seems the entire universe of PST passwords could be mapped down to a 7 character password. So to have near instant cracking speed, all you need is a rainbow table with every possible 7-char password in it. Modern rainbow tables often have every possible 10 or 12 char password.

If you feel like experimenting, you could also try to attack the PST with "John". John the Ripper is in the distro (zypper in john; sudo /usr/bin/john).

FYI: The purpose for John being in the distro is so you can find unacceptably weak passwords. Basically if john can crack the password, it is too weak.

Greg
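
The point in the message above about an unsalted CRC32 check accepting any "equivalent" password, and about salt defeating precomputed tables, shown as an added example that is not part of the original post. It assumes zlib's standard CRC-32 as a stand-in (the thread does not give the exact PST checksum variant), and all function names and sample strings are constructed for illustration.

```python
import hashlib
import hmac
import os
import zlib


def crc32_record(password: str) -> int:
    """Weak design: store only an unsalted 32-bit checksum of the password."""
    return zlib.crc32(password.encode())


def crc32_verify(record: int, attempt: str) -> bool:
    return zlib.crc32(attempt.encode()) == record


def kdf_record(password: str, salt: bytes = None, rounds: int = 100_000):
    """Stronger design: per-record random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def kdf_verify(record, attempt: str, rounds: int = 100_000) -> bool:
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)


def find_colliding_pair(limit: int = 2_000_000):
    """Return two different constructed strings whose CRC-32 values are equal.

    With only 2**32 possible checksums, the birthday bound makes a collision
    likely after roughly 80,000 strings, whatever the strings are.
    """
    seen = {}
    for n in range(limit):
        # Constructed sample input: 12 hex characters derived from a counter.
        word = hashlib.sha256(str(n).encode()).hexdigest()[:12]
        crc = zlib.crc32(word.encode())
        if crc in seen and seen[crc] != word:
            return seen[crc], word
        seen[crc] = word
    return None


if __name__ == "__main__":
    a, b = find_colliding_pair()
    print("distinct strings, same CRC-32:", a, b, hex(crc32_record(a)))
    print("checksum verifier accepts the other string:", crc32_verify(crc32_record(a), b))
    print("salted KDF verifier accepts the other string:", kdf_verify(kdf_record(a), b))
    # Same password, two salts: different stored values, so one table cannot cover both.
    print("records differ per salt:", kdf_record(a)[1] != kdf_record(a)[1])
```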