I have read of apps that supposedly can crack FileMaker passwords. Some
have been mentioned in this newsgroup, and I have found others on the
web.
Do these really work if you have strong passwords? I can imagine being
able to crack weak passwords -- few characters, dictionary words, easy
to guess, etc -- but what about strong passwords?
If strong passwords can be easily cracked, then what security is there
really in passwords?
bbcollins (161), 11/25/2009 9:19:45 PM

On 2009-11-25 13:19:45 -0800, Bill <bbcollins@earthlink.net> said:
> I have read of apps that supposedly can crack FileMaker passwords. Some
> have been mentioned in this newsgroup, and I have found others on the
> web.
>
> Do these really work if you have strong passwords? I can imagine being
> able to crack weak passwords -- few characters, dictionary words, easy
> to guess, etc -- but what about strong passwords?
>
> If strong passwords can be easily cracked, then what security is there
> really in passwords?
I'm having an "am I invisible?" day here. ;)
As I stated before, password crackers do not reveal passwords in .fp7
files. The password is stored as a hashed string and cannot be
extracted.
What they do is replace the segment of the file with the hash with a
hash of a known password. Then they tell you the known password.
Almost all programs that use passwords can be hacked, particularly if a
user has physical possession of the file and some motivation. So FM
passwords are useful for keeping out amateurs, and for separating
account users from each other. They aren't terrific for protecting
data. You have to take other steps for that.
One is to use FMPro Advanced to strip out the admin access to files
that you distribute, such as for vertical market products. This means
that even if someone obtains a cracked password, it does them no good.
They have no higher access than the user password. They can't see
structure, scripting, tables, field defs, etc. So they can't reverse
engineer or hijack your product.
Another method is to run proper backups in a hosted situation, so that
a disgruntled user doesn't prevent access to your data, or as in the
case of the original poster, change admin passwords.
Using encryption is another method, but it's a performance-killer, to
be used sparingly.
--
Lynn Allen
--
www.semiotics.com
Member FBA
FM 10 Certified Developer
Lynn, 11/25/2009 11:42:53 PM

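Added example, not part of the original thread and not FileMaker's actual file format: a toy Python model of the point made in the post above. It shows why a stored password hash alone does not protect data from someone who can rewrite the file, while data encrypted under a password-derived key stays unreadable after the same tampering. The dict layout, function names, passwords and sample record are all assumptions made for illustration.

```python
import hashlib, hmac, os

def kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy SHA-256 counter-mode keystream, for illustration only (use AES-GCM in practice).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

# Model A: records stored in the clear, gated only by a stored password hash.
def make_gated(password: str, data: bytes) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "check": kdf(password, salt), "data": data}

def open_gated(f: dict, password: str):
    ok = hmac.compare_digest(kdf(password, f["salt"]), f["check"])
    return f["data"] if ok else None

# Model B: records encrypted under a key derived from the password.
def make_encrypted(password: str, data: bytes) -> dict:
    salt = os.urandom(16)
    key = kdf(password, salt)
    ct = xor_stream(key, data)
    return {"salt": salt, "check": hmac.new(key, ct, "sha256").digest(), "data": ct}

def open_encrypted(f: dict, password: str):
    key = kdf(password, f["salt"])
    ok = hmac.compare_digest(hmac.new(key, f["data"], "sha256").digest(), f["check"])
    return xor_stream(key, f["data"]) if ok else None

def replace_check(f: dict, known: str, encrypted: bool) -> dict:
    # The tampering the post describes: overwrite the stored check value
    # with one computed for a password the tamperer already knows.
    key = kdf(known, f["salt"])
    new = hmac.new(key, f["data"], "sha256").digest() if encrypted else key
    return {**f, "check": new}

SECRET = b"constructed sample record: account 1001, balance 250.00"

def demo():
    a = replace_check(make_gated("long-strong-original", SECRET), "known", False)
    b = replace_check(make_encrypted("long-strong-original", SECRET), "known", True)
    return open_gated(a, "known"), open_encrypted(b, "known")

if __name__ == "__main__":
    print(demo())
```

In Model A the strength of the original password is irrelevant once the check value is replaced; in Model B the tampered file "opens" but yields only unreadable bytes, because the key still depends on the original password.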
On Nov 25, 2:19 pm, Bill <bbcoll...@earthlink.net> wrote:
> I have read of apps that supposedly can crack FileMaker passwords. Some
> have been mentioned in this newsgroup, and I have found others on the
> web.
>
> Do these really work if you have strong passwords? I can imagine being
> able to crack weak passwords -- few characters, dictionary words, easy
> to guess, etc -- but what about strong passwords?
>
> If strong passwords can be easily cracked, then what security is there
> really in passwords?
The first question is what are you trying to protect and from whom?
Are you selling a commercial database and don't want customers
reselling your work? Are you protecting the data inside the solution?
Passwords are only one element in a security system, not the whole
thing. Properly constructed account permissions and physical security
of the database are two other big ones.
There are ways of mitigating the dangers. All Full Access passwords
should follow good practices. Without Full Access, and with non-Full
Access users allowed access to only the features they need, a cracker
is less useful.
But most critically, a cracker requires physical possession of the
database. If someone can get their hands on your solution, your
options are limited.
On the upside, I've heard FM password crackers can corrupt the
database, making it unusable (though with data available). Don't know
if that's true.
Often, passwords are for account management as much as for security.
Grip, 11/25/2009 11:51:22 PM

On 2009-11-25 15:51:22 -0800, Grip <grip@cybermesa.com> said:
> But most critically, a cracker requires physical possession of the
> database. If someone can get their hands on your solution, your
> options are limited.
While this is true of the commercial crackers, it is not true of true
experts. I have personal knowledge that it's possible to crack hosted
files. Not easy, and there's only one person I know who can do it, who
is, thankfully, completely ethical. But it can be done.
However, run of the mill Bad Guys do need physical possession of the file.
>
> On the upside, I've heard FM password crackers can corrupt the
> database, making it unusable (though with data available). Don't know
> if that's true.
Yes. The replacement of the hash may corrupt the file. It certainly
makes it unreliable for development or production.
>
> Often, passwords are for account management as much as for security.
Absolutely true. Most often, I'm endeavoring to keep well-meaning
people from committing unrecoverable errors with their own data. Only
rarely do my solutions rise to the level of protecting the solution
itself, or the data, from actual Bad Guys with Intent.
If you do need ironclad data security, then sorrowfully, FM is not your
tool. It just isn't secure enough.
--
Lynn Allen
--
www.semiotics.com
Member FBA
FM 10 Certified Developer
Lynn, 11/26/2009 1:40:58 AM

In article <4b0ddca2@news.bnb-lp.com>,
Lynn Allen <lynn@NOT-semiotics.com> wrote:
> On 2009-11-25 15:51:22 -0800, Grip <grip@cybermesa.com> said:
>
> > But most critically, a cracker requires physical possession of the
> > database. If someone can get their hands on your solution, your
> > options are limited.
>
> While this is true of the commercial crackers, it is not true of true
> experts. I have personal knowledge that it's possible to crack hosted
> files. Not easy, and there's only one person I know who can do it, who
> is, thankfully, completely ethical. But it can be done.
>
> However, run of the mill Bad Guys do need physical possession of the file.
> >
> > On the upside, I've heard FM password crackers can corrupt the
> > database, making it unusable (though with data available). Don't know
> > if that's true.
>
> Yes. The replacement of the hash may corrupt the file. It certainly
> makes it unreliable for development or production.
> >
> > Often, passwords are for account management as much as for security.
>
> Absolutely true. Most often, I'm endeavoring to keep well-meaning
> people from committing unrecoverable errors with their own data. Only
> rarely do my solutions rise to the level of protecting the solution
> itself, or the data, from actual Bad Guys with Intent.
>
> If you do need ironclad data security, then sorrowfully, FM is not your
> tool. It just isn't secure enough.
Thanks to both Lynn and Grip for the answers. Need to think some more
about just what I am trying to protect.
Bill, 11/26/2009 2:48:01 AM