Notes Internet Password Field

Posted by on

I was done in by the Lotus Notes Internet Password hash in R5 today (yeah its ancient).
I changed my domain password and used some words wrapped in parentheses like the following (my Blue shoe). Normally this would be a decent password. But at our company passwords are synched from Active Directory to the Lotus Notes Internet password field. In that field in Notes anything inside parenthesis is presumed to be encrypted already. So anyone in the company looking in the right place could see my password in plain text!

Related posts:

  1. Salting the Hash
  2. Ten Places NOT to Hide Your Password
  3. WashTech: The real threat to password security
  4. Its all about the password
  5. AVERT Lab blogs on password policy

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>