HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 48 guests and 1 member online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Otherarrow Syferlock... any experiences?
EH-Net
May 25, 2012, 12:30:44 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Syferlock... any experiences?  (Read 4112 times)
0 Members and 4 Guests are viewing this topic.
hayabusa
Hero Member
*****
Offline Offline

Posts: 1304



View Profile
« on: February 05, 2010, 12:37:15 PM »
Just an interesting authentication mechanism, which a customer of mine has asked me to test out for them as part of a pentest / security audit, and wondered if anyone has any experiences with it - good, bad or indifferent.

http://www.syferlock.com/

I can think of many ways one MIGHT be able to bypass it, or gain info over time, and plan to do  some testing (which I'll report here after I do,) but figured if anyone else here has already played with it, I don't want to reinvent the wheel.

Thanks.

hayabusa
Logged
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCP , GPEN, C|EH
BillV
Hero Member
*****
Offline Offline

Posts: 1830


View Profile WWW
« Reply #1 on: February 05, 2010, 01:23:19 PM »
I have some pretty good experience with it. We implemented it on a content management system as replacement to the built-in login process.

Seems to be a pretty solid/stable system. Didn't seem to have any issues or hear any complaints from users about it.

I'd be very interested to know what you find - we didn't do any in-depth testing on it.
Logged
hayabusa
Hero Member
*****
Offline Offline

Posts: 1304



View Profile
« Reply #2 on: February 05, 2010, 01:56:32 PM »
Thanks for the reply, BillV.  It's looks to be an interesting concept / product, so I'm kind of pumped to be testing against something of a newer variety than I usually come across.  I likely won't actually do the analys and testing until early March, so there'll be a little hiatus here, but again, figured I'd get as much info as I could, so I'm not reinventing the wheel, if someone else has experiences with it.
Logged
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCP , GPEN, C|EH
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.078 seconds with 21 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.