Hello all, Recently, it has come to my attention that many of our users are using the standard login to access their yahoo accounts. I want to push a policy that requires them to use the secure login option instead. I would like to show my boss that you can capture the username and password by simply doing some sniffing. Well, to do a test I fired up ethereal and captured a session of me logging into a new yahoo account. What kind of suprised me is the password looks encrypted. My first guess was it was just base 64 mime encoded but that turned out to be wrong. Does anyone have any idea on how they encrypt their passwords or have any tools that will try and crack the passwords. My other question is if the passwords are encrypted why do they offer a secure login option? How does that increase security, other than adding a brief ssl session. Thanks, Jeremy
This archive was generated by hypermail 2b30 : Tue Aug 27 2002 - 15:17:25 PDT