[OWASP-Security101] hard coded password

MNMS srinivas mnms.srinivas at gmail.com
Sat Jun 9 12:19:28 UTC 2012


Hi,

           We are using an hardcoded password in our control system. This
password defined in an macro definition and any hacker can be extracted the
hardcoded password from the executable image.Assume this hardcoded password
has length of 5 bytes (letters).

         Now i want to has the password using any standard algorithm. Could
you please suggest the suitable hashing algorithm for this case.And how can
we compare different  hashing algorithms ?

Thanks
Srinivas



On Fri, May 11, 2012 at 5:30 PM, <security101-request at lists.owasp.org>wrote:

> Send Security101 mailing list submissions to
>        security101 at lists.owasp.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        https://lists.owasp.org/mailman/listinfo/security101
> or, via email, send a message with subject or body 'help' to
>        security101-request at lists.owasp.org
>
> You can reach the person managing the list at
>        security101-owner at lists.owasp.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Security101 digest..."
>
>
> Today's Topics:
>
>   1. hard coded password (MNMS srinivas)
>   2. Re: hard coded password (Eric Brown)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 10 May 2012 18:00:30 +0530
> From: MNMS srinivas <mnms.srinivas at gmail.com>
> To: security101 at lists.owasp.org
> Subject: [OWASP-Security101] hard coded password
> Message-ID:
>        <CAO526Mhw5mJPvoyNRH=QXUEJiRF-TWWdo=qF80xJx6bwp=howA at mail.gmail.com
> >
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi all,
>
> What is the best way to replace/remove  the hard coded password from the
> binary image ?
>
> --
> M.N.M.S.SRINIVAS.
>
>
> BE GOOD DO GOOD
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 10 May 2012 17:18:28 -0500
> From: Eric Brown <ericbrow at gmail.com>
> To: security101 at lists.owasp.org
> Subject: Re: [OWASP-Security101] hard coded password
> Message-ID:
>        <CAPPm6m2Zm=1VHhUbBpx5fWTEsgkq0M0eEzRDBsoxXNajO4joNw at mail.gmail.com
> >
> Content-Type: text/plain; charset=ISO-8859-1
>
> Can you be a little more specific as to what kind of binary image?
> Platform?  Device?  Software?  Image?  Document?
>
> On Thu, May 10, 2012 at 7:30 AM, MNMS srinivas <mnms.srinivas at gmail.com>
> wrote:
> > Hi all,
> >
> > What is the best way to replace/remove ?the hard coded password from the
> > binary image ?
> >
> > --
> > M.N.M.S.SRINIVAS.
> >
> >
> > BE GOOD DO GOOD
> > _______________________________________________
> > Security101 mailing list
> > Security101 at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/security101
> > List Run By OWASP
> > List Admin: Michael.Coates at owasp.org
>
>
> ------------------------------
>
> _______________________________________________
> Security101 mailing list
> Security101 at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/security101
>
>
> End of Security101 Digest, Vol 4, Issue 2
> *****************************************
>



-- 
M.N.M.S.SRINIVAS.


BE GOOD DO GOOD


More information about the Security101 mailing list