Full Disclosure mailing list archives
Re: Google Desktop Search
From: mike () ampeisch com
Date: Sat, 16 Oct 2004 20:24:53 -0400 (EDT)
Not necessarily -- that's what "salt" characters are for in crypto. Check out "Applied Cryptography". The added value is that if you have the plain text password, you have the password, if you have the hash, you still have to crack it, or BF it. MD5sum is one of the methods that Unix/Linux use for OS password storage. What Yahoo is doing isn't perfect, but it's a damn sight better than pointless.

M.
What is the added benefit of sending MD5 hashes instead of plain-text passwords? I mean, the MD5 hash will be the same for the same password, isn't it? I hope that Yahoo has implemented something more complicated than that, otherwise it is plain pointless.

-- rem.

mike () ampeisch com wrote:

Read the javascript in the headers of Yahoo's login page:

<-- Begin javascript comments from Yahoo -->
/*
 * A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
 * Digest Algorithm, as defined in RFC 1321.
 * Copyright (C) Paul Johnston 1999 - 2000.
 * Updated by Greg Holt 2000 - 2001.
 * See http://pajhome.org.uk/site/legal.html for details.
 */
<-- End Javascript comments from Yahoo -->

THEY don't even cache, or pass, your password. Like all secure programs, they store, and transmit, an MD5 Sum.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
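Added example, not part of the original thread and not Yahoo's code: the question above (the same password always gives the same MD5) and the reply about salt, worked through in Node.js. The challenge scheme, the Server class and all function names are assumptions made for illustration.

```javascript
// Added illustration; the scheme and names are assumptions, not Yahoo's protocol.
const crypto = require('crypto');

const md5hex = (s) => crypto.createHash('md5').update(s, 'utf8').digest('hex');

// Scheme A: the client sends MD5(password). The value is identical on every
// login, so anyone who captures it once holds a reusable credential.
function staticLoginToken(password) {
  return md5hex(password);
}

// Scheme B: the server issues a fresh random challenge (a per-login salt) and
// the client sends MD5(MD5(password) + challenge).
function challengeResponse(password, challenge) {
  return md5hex(md5hex(password) + challenge);
}

// Server side: holds MD5(password) and the challenges it has handed out.
class Server {
  constructor(storedHash) {
    this.storedHash = storedHash;
    this.pending = new Set();
  }
  issue() {
    const c = crypto.randomBytes(16).toString('hex');
    this.pending.add(c);
    return c;
  }
  verify(challenge, response) {
    // Each challenge is consumed on first use, so a captured response is useless later.
    if (!this.pending.delete(challenge)) return false;
    const expected = Buffer.from(md5hex(this.storedHash + challenge), 'hex');
    const got = Buffer.from(String(response), 'hex');
    return got.length === expected.length && crypto.timingSafeEqual(expected, got);
  }
}

// Constructed sample run: one valid login, then two replay attempts.
function demo() {
  const password = 'correct horse'; // constructed sample value
  const server = new Server(md5hex(password));
  const c1 = server.issue();
  const r1 = challengeResponse(password, c1);
  const first = server.verify(c1, r1);   // valid login
  const replay = server.verify(c1, r1);  // same challenge presented again
  const stale = server.verify(server.issue(), r1); // old response, new challenge
  const staticSame = staticLoginToken(password) === staticLoginToken(password);
  return { staticSame, first, replay, stale };
}
```

In scheme B the server still stores MD5(password), which is itself enough to log in if the stored value leaks, so the per-login challenge protects the wire and not the database.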