Re: Messenger/Hotmail passwords at risk

From: Mark (markd-bugtraqat_private)
Date: Mon Jul 16 2001 - 14:12:38 PDT

Next message: Tolga Tarhan: "RE: Card Service International / LinkPoint API Security Concerns"

Previous message: David LeBlanc: "RE: Windows MS-DOS Device Name DoS vulnerabilities"
In reply to: Michael Wojcik: "RE: Messenger/Hotmail passwords at risk"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> The simplest of these, in terms of retrofitting existing systems that use
> one of the constructions Ishikawa mentions, is
> 
> 	H(password || H(password || known-string))

Which is very close to CRAM-MD5. That uses:

	H( (password XOR 0x5C) || H( (password XOR 0x36) || challenge-string));


Regards.

Next message: Tolga Tarhan: "RE: Card Service International / LinkPoint API Security Concerns"
Previous message: David LeBlanc: "RE: Windows MS-DOS Device Name DoS vulnerabilities"
In reply to: Michael Wojcik: "RE: Messenger/Hotmail passwords at risk"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 16 2001 - 15:03:47 PDT