Security Basics mailing list archives

Re: Hotmail sign-in through Outlook Express -- clear-text?


From: James Fields <jvfields () tds net>
Date: 06 Jun 2003 13:46:28 -0400

On Fri, 2003-06-06 at 04:37, Anders Reed Mohn wrote:

I'm not very experienced in this, so I'd like to know if I missed something.
Once before, I've seen people claim that passwords (for VNC)
were sent in clear text, but I couldn't see them then either.
I use Ethereal for packet captures.

The reason you can't see VNC passwords in a sniffer is they are never
actually sent across the wire.  They are used as an encryption key.  The
server sends a randomly generated string of data and the client encrypts
it with the password and sends it back (or the reverse, can't
remember).  Only the random string in question ever goes over the wire
during authentication.
-- 
------------
James V. Fields
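
The challenge-response pattern described in the message above, as an added example that is not part of the original post or of any VNC code. HMAC-SHA256 stands in for the DES encryption that VNC authentication uses, and every name and value here (`Server`, `run_exchange`, the 16-byte challenge) is hypothetical.

```python
import hashlib
import hmac
import os

CHALLENGE_LEN = 16  # constructed value for this sketch


def client_response(password: bytes, challenge: bytes) -> bytes:
    """Client: key the MAC with the password and apply it to the challenge."""
    return hmac.new(password, challenge, hashlib.sha256).digest()


class Server:
    """Hypothetical server that shares the password with the client."""

    def __init__(self, password: bytes):
        self._password = password
        self._pending = None  # challenge awaiting a response

    def new_challenge(self) -> bytes:
        self._pending = os.urandom(CHALLENGE_LEN)
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        challenge, self._pending = self._pending, None  # each challenge is single use
        expected = client_response(self._password, challenge)
        return hmac.compare_digest(expected, response)


def run_exchange(server_pw: bytes, client_pw: bytes):
    """One login attempt; returns (accepted, every byte that crossed the wire)."""
    server = Server(server_pw)
    challenge = server.new_challenge()                # server -> client
    response = client_response(client_pw, challenge)  # client -> server
    return server.verify(response), challenge + response


def old_response_accepted(password: bytes) -> bool:
    """Send a response computed for an earlier challenge against a fresh one."""
    server = Server(password)
    old = client_response(password, server.new_challenge())
    server.verify(old)          # first login consumes its challenge
    server.new_challenge()      # second login gets new random bytes
    return server.verify(old)   # response no longer matches
```

A packet capture of this exchange contains only the random challenge and the keyed response, which is why searching the capture for the password string finds nothing.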

