Re: [opensuse] Enterprise vault e-mail
On 2017-03-27 19:49, Greg Freemyer wrote:
Watch it, you are using html. You are not arriving at the list.
On Mon, Mar 27, 2017 at 1:29 PM, Carlos E. R. <> wrote:
> So if I had a PST file to try to parse, I would install "libpff-tools" and then look to see if there was a relevant tool for extracting discrete emails from the PST.
What if it is protected by password?
(note PFF is a group of file types that include PSTs and OSTs).
As in encrypted? Or that Outlook requires you enter a password to access it?
I suppose it is also encrypted.
Knowing libpff was written by an incident responder for Google, I'm sure he would simply ignore it if only an access control mechanism.
If it's encrypted, I don't see a way to enter a password (see "man pffexport")
But, the README says: "handles corrupted encrypted PFF with encryption type none"
In your shoes, I'd definitely give it a shot:
zypper in libpff-tools pffexport ...
I'll try. Mind, these posts are from year 2000, so the interest today is scarce. But I still wish to do it, see what is/was there. Now, I'll have to remember where the backup is.
--
Cheers / Saludos,
Carlos E. R.
(from 42.2 x86_64 "Malachite" (Minas Tirith))
On Mon, Mar 27, 2017 at 1:56 PM, Carlos E. R. <robin.listas@telefonica.net> wrote:
Knowing libpff was written by an incident responder for Google, I'm sure he would simply ignore it if only an access control mechanism.
If it's encrypted, I don't see a way to enter a password (see "man pffexport")
But, the README says: "handles corrupted encrypted PFF with encryption type none"
In your shoes, I'd definitely give it a shot:
zypper in libpff-tools pffexport ...
I'll try. Mind, these posts are from year 2000, so the interest today is scarce. But I still wish to do it, see what is/was there. Now, I'll have to remember where the backup is.
I seriously doubt MS was actually encrypting the PST back in 2000. And even if they did, all that era's encryption is easy to break now if you really care.
Often you can just send the first KB or 2 of an encrypted file to a service and they will send back the password. Often at no fee.
Greg
--
Greg Freemyer
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2017-03-27 19:59, Greg Freemyer wrote:
On Mon, Mar 27, 2017 at 1:56 PM, Carlos E. R. <> wrote:
I'll try. Mind, these posts are from year 2000, so the interest today is scarce. But I still wish to do it, see what is/was there. Now, I'll have to remember where the backup is.
I seriously doubt MS was actually encrypting the PST back in 2000. And even if they did, all that era's encryption is easy to break now if you really care.
Often you can just send the first KB or 2 of an encrypted file to a service and they will send back the password. Often at no fee.
Oh...!
--
Cheers / Saludos,
Carlos E. R.
(from 42.2 x86_64 "Malachite" (Minas Tirith))
On Mon, Mar 27, 2017 at 2:06 PM, Carlos E. R. <robin.listas@telefonica.net> wrote:
On 2017-03-27 19:59, Greg Freemyer wrote:
On Mon, Mar 27, 2017 at 1:56 PM, Carlos E. R. <> wrote:
I'll try. Mind, these posts are from year 2000, so the interest today is scarce. But I still wish to do it, see what is/was there. Now, I'll have to remember where the backup is.
I seriously doubt MS was actually encrypting the PST back in 2000. And even if they did, all that era's encryption is easy to break now if you really care.
Often you can just send the first KB or 2 of an encrypted file to a service and they will send back the password. Often at no fee.
Oh...!
You know about rainbow tables, right?
If so, in the pre-2005 or so era the universe of passwords was typically small enough that a full set of rainbow tables fit on a DVD. And MS hadn't started routinely using SALT yet.
Last I knew there were various websites that allowed you to send in the first part of an encrypted file. It would pull the encrypted password out of that fragment, then do a reverse password look-up with a rainbow table.
What you got back may not have been your actual password, but it was a password that would hash down to the same thing as your real password, and thus could be used to decrypt the file (PST).
== after a quick google
RE: Outlook 2003
---
An experiment has shown that on average it takes about a minute to recover an Outlook hash password using the brute force attack. However, the crypto analysis of CRC32 has revealed that the algorithm is completely reversible for short passwords (up to 4 characters) and partially reversible for all others. That means, one can recover the original password or its CRC32 equivalent password, that will be indistinguishable for Outlook, almost instantly. It has been proven that it requires not more than 7 characters to pick a collision (password with the same checksum as the original password).
---
So at that time, it seems the entire universe of PST passwords could be mapped down to a 7 character password. So to have near instant cracking speed, all you need is a rainbow table with every possible 7-char password in it.
Modern rainbow tables often have every possible 10 or 12 char password.
If you feel like experimenting, you could also try to attack the PST with "John". John the ripper is in the distro (zypper in john; sudo /usr/bin/john).
fyi: The purpose for John being in the distro is so you can find unacceptably weak passwords. Basically if john can crack the password, it is too weak.
Greg
On 2017-03-27 20:25, Greg Freemyer wrote:
On Mon, Mar 27, 2017 at 2:06 PM, Carlos E. R. <> wrote:
You know about rainbow tables, right?
Yes. Not something in my realm, but I did read about them.
If so, in the pre-2005 or so era the universe of passwords was typically small enough that a full set of rainbow tables fit on a DVD. And MS hadn't started routinely using SALT yet.
Last I knew there were various websites that allowed you to send in the first part of an encrypted file. It would pull the encrypted password out of that fragment, then do a reverse password look-up with a rainbow table.
What you got back may not have been your actual password, but it was a password that would hash down to the same thing as your real password, and thus could be used to decrypt the file (PST).
== after a quick google
RE: Outlook 2003
--- An experiment has shown that on average it takes about a minute to recover an Outlook hash password using the brute force attack. However, the crypto analysis of CRC32 has revealed that the algorithm is completely reversible for short passwords (up to 4 characters) and partially reversible for all others. That means, one can recover the original password or its CRC32 equivalent password, that will be indistinguishable for Outlook, almost instantly. It has been proven that it requires not more than 7 characters to pick a collision (password with the same checksum as the original password). ---
So at that time, it seems the entire universe of PST passwords could be mapped down to a 7 character password. So to have near instant cracking speed, all you need is a rainbow table with every possible 7-char password in it.
Modern rainbow tables often have every possible 10 or 12 char password.
If you feel like experimenting, you could also try to attack the PST with "John". John the ripper is in the distro (zypper in john; sudo /usr/bin/john).
fyi: The purpose for John being in the distro is so you can find unacceptably weak passwords. Basically if john can crack the password, it is too weak.
Interesting. Yes, I have used john sometime.
I remembered something else. There was no password for email, there was a password to the entire computer (or rather, the network profile), via AD of the time. But set up in a paranoid mode. I had to enter a password composed from a remembered password plus a code that was read from a little clock style device that would churn one code per minute. Something like 6 or 8 letters, perhaps numbers. Too long ago to remember.
What interests me are some personal emails that can be there. I routinely moved email to local archives (there was a 2 GiB limit to the size of any mail folder), and I have full access to those. But not to the last week, I think. Nothing important after all this time.
In case of doubts, per the local legislation I do have rights to that email store.
--
Cheers / Saludos,
Carlos E. R.
(from 42.2 x86_64 "Malachite" (Minas Tirith))
Carlos, et al --
...and then Carlos E. R. said...
% ...
% AD of the time. But set up in a paranoid mode. I had to enter a password
% composed from a remembered password plus a code that was read from a
% little clock style device that would churn one code per minute.
% Something like 6 or 8 letters, perhaps numbers. Too long ago to remember.
[snip]
That's the "something you know plus something you have" model. There may be other implementations, especially now that there are software tokens available, but what I have is an RSA (now part of EMC, I notice; interesting) SecurID token. It generates a new number every 30 seconds and -- most importantly -- it's in sync with a server at the office which knows what number is showing on my (and no other) token at that time.
When challenged, I enter my 4- or 6-digit (depending on what that office has chosen) secret PIN and whatever 6-digit number is on the display, and I'm in.
The first time I had to let in another SA using my account and had to read him the number over the phone, he was amazed and asked if I could give it to him again. I just told him that it was a one-time number and to be sure to not log out, and I didn't mention that half of it was my secret :-)
HAND
:-D
--
David T-G
See http://justpickone.org/davidtg/email/
See http://justpickone.org/davidtg/tofu.txt
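A worked example of the time-synced token model David describes, added here and not part of the thread or of any SecurID product: it uses the open RFC 6238 TOTP algorithm (an assumption; SecurID's own algorithm is proprietary and differs), and the hypothetical TokenServer class stands in for the office server that knows which number each token is showing, checks PIN plus code, tolerates one 30-second step of clock drift, and refuses a code that has already been used.

```python
import hashlib
import hmac
import struct

TIME_STEP = 30  # seconds per code: the token above shows a new number every 30 seconds


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
            | mac[offset + 2] << 8 | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


def totp(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP, what the token displays: the counter is the 30-second step number."""
    return hotp(seed, unix_time // TIME_STEP, digits)


class TokenServer:
    """Hypothetical office server: holds the user's PIN (something you know) and the
    token seed (something you have), so it can compute the number on that one token."""

    def __init__(self, pin: str, seed: bytes):
        self._pin = pin
        self._seed = seed
        self._last_counter = -1  # highest step already accepted; blocks code replay

    def verify(self, passcode: str, server_time: int) -> bool:
        """Passcode = PIN followed by the 6-digit token code, as David types it."""
        n = len(self._pin)
        if len(passcode) != n + 6:
            return False
        pin_ok = hmac.compare_digest(passcode[:n], self._pin)
        code = passcode[n:]
        now = server_time // TIME_STEP
        # Accept the current step or one step either side, so token and server
        # clocks may drift a little; each step's code is usable only once.
        for counter in (now - 1, now, now + 1):
            if counter > self._last_counter and hmac.compare_digest(code, hotp(self._seed, counter)):
                if pin_ok:
                    self._last_counter = counter
                return pin_ok
        return False


if __name__ == "__main__":
    seed = b"12345678901234567890"  # RFC 6238 test-vector seed, not a real token seed
    server = TokenServer(pin="1234", seed=seed)
    shown = totp(seed, 59)  # "287082", the RFC 6238 value for this seed at t=59
    print(shown, server.verify("1234" + shown, 59), server.verify("1234" + shown, 59))
```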
On 2017-03-27 23:34, David T-G wrote:
Carlos, et al --
...and then Carlos E. R. said...
% ...
% AD of the time. But set up in a paranoid mode. I had to enter a password
% composed from a remembered password plus a code that was read from a
% little clock style device that would churn one code per minute.
% Something like 6 or 8 letters, perhaps numbers. Too long ago to remember.
[snip]
That's the "something you know plus something you have" model. There may be other implementations, especially now that there are software tokens available, but what I have is an RSA (now part of EMC, I notice; interesting) SecurID token. It generates a new number every 30 seconds and -- most importantly -- it's in sync with a server at the office which knows what number is showing on my (and no other) token at that time.
Yes, same thing.
--
Cheers / Saludos,
Carlos E. R.
(from 42.2 x86_64 "Malachite" (Minas Tirith))
On Mon, Mar 27, 2017 at 5:26 PM, Carlos E. R. <robin.listas@telefonica.net> wrote:
You know about rainbow tables, right?
Yes. Not something in my realm, but I did read about them.
Very worth learning about.
Let's say you have the most crazy 10-char password in the world. No one in the universe has ever used it before.
But the bad guys have put together a rainbow table of "every password under the rainbow" with 10 chars or less.
They pull your "hashed" password out of word doc / pst and do a reverse look-up. Your password is now known.
Salt changes that. You'd need a rainbow table for each salt value (as I understand it). The trouble is MS didn't start salting hashed passwords until 10 years ago or so. (As I recall.)
Greg
--
Greg Freemyer
On 2017-03-27 23:49, Greg Freemyer wrote:
On Mon, Mar 27, 2017 at 5:26 PM, Carlos E. R. <robin.listas@telefonica.net> wrote:
You know about rainbow tables, right?
Yes. Not something in my realm, but I did read about them.
Very worth learning about.
Let's say you have the most crazy 10-char password in the world. No one in the universe has ever used it before.
But the bad guys have put together a rainbow table of "every password under the rainbow" with 10 chars or less.
They pull your "hashed" password out of word doc / pst and do a reverse look-up. Your password is now known.
Salt changes that. You'd need a rainbow table for each salt value (as I understand it). The trouble is MS didn't start salting hashed passwords until 10 years ago or so. (As I recall.)
Yes, /now/ I remember reading that. Not something I keep on RAM ;-)
--
Cheers / Saludos,
Carlos E. R.
(from 42.2 x86_64 "Malachite" (Minas Tirith))
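An added example, not from the thread, illustrating the two points argued above (the CRC32 collisions in the quoted Outlook analysis, and Greg's point about salt): an unsalted CRC32 tag admits colliding inputs that need no search at all, while a per-file random salt with a slow hash (PBKDF2-HMAC-SHA256 here, chosen only for illustration) gives the same password a different digest every time, so no single precomputed table applies. The function names and sample passwords are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import struct
import zlib

# CRC-32 of any "message || little-endian crc32(message)" is this fixed value
# (the classic CRC-32 residue as zlib.crc32 reports it); the code below checks it.
CRC32_RESIDUE = 0x2144DF1C


def crc32_tag(password: bytes) -> int:
    """Unsalted CRC32 password tag, as in the quoted Outlook analysis: the same
    password always yields the same 32-bit tag, so one precomputed table fits every file."""
    return zlib.crc32(password) & 0xFFFFFFFF


def crc32_collision_pair(first: bytes, second: bytes) -> tuple:
    """Two distinct strings with the same CRC32 tag, built with no search at all:
    appending a string's own CRC32 drives its CRC32 to the fixed residue."""
    a = first + struct.pack("<I", crc32_tag(first))
    b = second + struct.pack("<I", crc32_tag(second))
    assert a != b and crc32_tag(a) == crc32_tag(b) == CRC32_RESIDUE
    return a, b


def salted_hash(password: bytes, salt: bytes = b"", rounds: int = 100_000) -> tuple:
    """Salted, slow hash. A fresh random 16-byte salt per file means a rainbow
    table would have to be precomputed for each salt value, not once for everyone."""
    if not salt:
        salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password, salt, rounds)


def verify_salted(password: bytes, salt: bytes, digest: bytes, rounds: int = 100_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password, salt, rounds)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample passwords for the demonstration.
    a, b = crc32_collision_pair(b"correct", b"horse")
    print(f"{a!r} and {b!r} share CRC32 tag {crc32_tag(a):#010x}")
    salt1, h1 = salted_hash(b"hunter2")
    salt2, h2 = salted_hash(b"hunter2")
    print("same password, different digests:", h1 != h2)
```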