Penetration Testing mailing list archives
[PEN-TEST] IE Cookie Crypt-Analysis - Good or Bad
From: "Ruso, Anthony" <aruso () POSITRON QC CA>
Date: Mon, 18 Dec 2000 16:44:06 -0500
Hi All, What are common methods used in decrypting/encrypting cookies. Would many of you trust the use of cookies to store - lets say - passwords and personal information. I'm trying to extract passwords from a clients website through the use of cookies. They used to store website passwords in clear text. I managed to convince them to encrypt them but how can I test their encryption choice and methods. My crypt-analysis experience is very basic. Any feedback would be greatly appreciated. Thanks
Current thread:
- [PEN-TEST] IE Cookie Crypt-Analysis - Good or Bad Ruso, Anthony (Dec 18)
- Re: [PEN-TEST] IE Cookie Crypt-Analysis - Good or Bad Mark Curphey (Dec 18)
- Re: [PEN-TEST] IE Cookie Crypt-Analysis - Good or Bad Ryan Russell (Dec 19)
- Re: [PEN-TEST] IE Cookie Crypt-Analysis - Good or Bad Thomas Reinke (Dec 19)
- <Possible follow-ups>
- Re: [PEN-TEST] IE Cookie Crypt-Analysis - Good or Bad Chris Keladis (Dec 18)
- Re: [PEN-TEST] IE Cookie Crypt-Analysis - Good or Bad Fricke, Gregory D. (Dec 19)
- Re: [PEN-TEST] IE Cookie Crypt-Analysis - Good or Bad Ng, Kenneth (US) (Dec 19)