Re: Messenger/Hotmail passwords at risk

["Jeffrey W. Baker" <jwbaker () acm org>]

On Fri, 6 Jul 2001, gregory duchemin wrote:

> hi bugtraqers,
>
>
> Background
> ==========
>
> i sent the following advisory to Microsoft there is about 1 month of
> that, and since i did not get any reply. The problem described below
> is still working on the latest MSN client version currently available.
> A bug in the Hotmail Messenger cryptographic system may allow the
> recovery of millions of hotmail mailboxes's password.

Uh huh.  So you are saying that, given MD5(password), password may be
recovered by brute force.  And this is new/interesting in what way?  You
can brute force ANY_FUNCTION(password) in exactly the same way.

The password is a secret key, and its length is important.

> say user toto has a password "titan"
> then his client generate the string "yyyyyyyyy.yyyyyyyyytitan" and the
> according MD5 hash, say xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
> the client send MD5(yyyyyyyyy.yyyyyyyyytitan) on the wire.
>
> Problem
> =======
>
> by sniffing the wire, a malicious user can obviously retrieve the
> scrambler string and the final hash. then he can start a bruteforce
> session trying all password combinaisons with the same scrambler
> prepended and comparing the resulting hash with this he previously
> sniffed. (an exhaustive attack)

Wow if you are worried about that I suggest you have a good long look at
the SMB protocol!

-jwb