Bugtraq mailing list archives
Re: Messenger/Hotmail passwords at risk
From: "Mark" <markd-bugtraq () BushWire Net>
Date: 16 Jul 2001 21:12:38 +0000
The simplest of these, in terms of retrofitting existing systems that use
one of the constructions Ishikawa mentions, is
H(password || H(password || known-string))
Which is very close to CRAM-MD5. That uses:
H( (password XOR 0x5C) || H( (password XOR 0x36) || challenge-string));
Regards.
Current thread:
- Messenger/Hotmail passwords at risk gregory duchemin (Jul 09)
- Re: Messenger/Hotmail passwords at risk aleph1 (Jul 09)
- Re: Messenger/Hotmail passwords at risk Peter van Dijk (Jul 09)
- Re: Messenger/Hotmail passwords at risk Jeffrey W. Baker (Jul 09)
- Re: Messenger/Hotmail passwords at risk Pavel Kankovsky (Jul 10)
- Re: Messenger/Hotmail passwords at risk Gaurav Agarwal (Jul 15)
- Re: Messenger/Hotmail passwords at risk Martin Macok (Jul 16)
- Re: Messenger/Hotmail passwords at risk Pavel Kankovsky (Jul 10)
- <Possible follow-ups>
- Re: Messenger/Hotmail passwords at risk Ishikawa (Jul 15)
- Re: Messenger/Hotmail passwords at risk gregory duchemin (Jul 16)
- RE: Messenger/Hotmail passwords at risk Michael Wojcik (Jul 16)
- Re: Messenger/Hotmail passwords at risk Mark (Jul 16)