|
Message-ID: <CABh=JREbkFdAFW76w5ir0aAW3udsw5ZbX2yNZ93bE9m0z-J2kA@mail.gmail.com>
Date: Thu, 10 Jan 2013 18:02:47 +0200
From: Milen Rangelov <gat3way@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: npdf2john
Well unfortunately the mail address takes part into the key derivation
process. Without the mail address, you can't get the key to decrypt the
xml. And bruteforcing the mail address is not a good idea :(
Dhiru, don't they use https for that? It sounds....hmmm interesting...
On Thu, Jan 10, 2013 at 5:35 PM, shane Shane
<shane@...twareontheside.info>wrote:
> > Looks like offline attack would not be possible for Android :(
> > Unless there is some way to get the mail address of course...
>
> Well if they choose the sd card for storage an offline attack
> is possible also if someone was trying to get your last pass database and
> had enough time with your phone there's no reason they couldn't root the
> device in order to grab the database.
>
> Regards,
>
> Shane
>
Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.