On Fri, 6 Jul 2001, gregory duchemin wrote: > hi bugtraqers, > > > Background > ========== > > i sent the following advisory to Microsoft there is about 1 month of > that, and since i did not get any reply. The problem described below > is still working on the latest MSN client version currently available. > A bug in the Hotmail Messenger cryptographic system may allow the > recovery of millions of hotmail mailboxes's password. Uh huh. So you are saying that, given MD5(password), password may be recovered by brute force. And this is new/interesting in what way? You can brute force ANY_FUNCTION(password) in exactly the same way. The password is a secret key, and its length is important. > say user toto has a password "titan" > then his client generate the string "yyyyyyyyy.yyyyyyyyytitan" and the > according MD5 hash, say xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. > the client send MD5(yyyyyyyyy.yyyyyyyyytitan) on the wire. > > Problem > ======= > > by sniffing the wire, a malicious user can obviously retrieve the > scrambler string and the final hash. then he can start a bruteforce > session trying all password combinaisons with the same scrambler > prepended and comparing the resulting hash with this he previously > sniffed. (an exhaustive attack) Wow if you are worried about that I suggest you have a good long look at the SMB protocol! -jwb
This archive was generated by hypermail 2b30 : Mon Jul 09 2001 - 18:19:31 PDT