Re: Messenger/Hotmail passwords at risk

From: Peter van Dijk (peterat_private)
Date: Mon Jul 09 2001 - 12:24:29 PDT


    On Fri, Jul 06, 2001 at 09:32:36PM -0000, gregory duchemin wrote:
    [snip]
    > the hash creation process is as follows:
    > ======================================
    > 
    > say user toto has a password "titan"
    > then his client generates the string "yyyyyyyyy.yyyyyyyyytitan" and the
    > according MD5 hash, say xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
    > the client sends MD5(yyyyyyyyy.yyyyyyyyytitan) on the wire.
    
    This is the exact same thing APOP does - server sends a string, client
    appends password to string, takes MD5 hash and sends back. If your
    cracker is what you say it is (I haven't checked) then APOP should be
    just as vulnerable.
    
    Greetz, Peter
    -- 
    Against Free Sex!   http://www.dataloss.nl/Megahard_en.html
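
The challenge-plus-password MD5 construction compared above, as an added example that is not part of the original message or of either poster's code: it computes the response the way APOP does, checks it against the test vector printed in RFC 1939, and shows that one observed challenge/digest pair is enough to confirm a password guess without contacting the server. The function names and the candidate list are assumptions made for this illustration.

```python
import hashlib
import hmac

# APOP test vector as printed in RFC 1939 (server challenge, shared secret, digest).
RFC_CHALLENGE = "<1896.697170952@dbc.mtview.ca.us>"
RFC_SECRET = "tanstaaf"
RFC_DIGEST = "c4c9334bac560ecc979e58001b3e22fb"

# Constructed candidate list, as a password-strength audit would use.
CANDIDATES = ["password", "titan", "tanstaaf"]


def response_digest(challenge: str, password: str) -> str:
    """Client side: hex MD5 of the server's string with the password appended."""
    return hashlib.md5((challenge + password).encode("utf-8")).hexdigest()


def server_verify(challenge: str, stored_password: str, received: str) -> bool:
    """Server side: recomputing the digest requires the cleartext password,
    so the server cannot keep only a salted hash of it."""
    expected = response_digest(challenge, stored_password)
    return hmac.compare_digest(expected, received.lower())


def confirm_guess_offline(challenge, observed_digest, candidates):
    """Return the first candidate that reproduces the observed digest, else None.

    Everything needed (challenge and digest) crossed the wire in the clear, and
    each check costs one unsalted, uniterated MD5, so nothing on the server side
    (lockouts, rate limits, logging) ever sees these attempts."""
    for candidate in candidates:
        digest = response_digest(challenge, candidate)
        if hmac.compare_digest(digest, observed_digest.lower()):
            return candidate
    return None


if __name__ == "__main__":
    print(response_digest(RFC_CHALLENGE, RFC_SECRET))
    print(server_verify(RFC_CHALLENGE, RFC_SECRET, RFC_DIGEST))
    print(confirm_guess_offline(RFC_CHALLENGE, RFC_DIGEST, CANDIDATES))
```

The fresh challenge only prevents replay of an old response; the strength of the exchange against an eavesdropper rests entirely on the password not being guessable, which is why these protocols are run inside an encrypted channel today.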
    


