On 1999-07-07 18:15:37 -0400, Burton Rosenberg wrote:
> the parallel structure of generating the challenge
> response (function ChallengeResponse() in
> www.ietf.org/internet-drafts/draft-ietf-pppext-mschap-v2-03.tex) cuts
> down the strength of the PasswordHash from 16 to 14 bytes.
7 Bytes. If you compute DES_X(C) for all 2^56 values of X, you will
discover both P1 and P2 (and P3, too, of course).
hp
--
_ | Peter J. Holzer | Where do you want your keys
|_|_) | Sysadmin WSR / Obmann LUGA | to go today?
| | | [EMAIL PROTECTED] | -- Tom Perrine <[EMAIL PROTECTED]>
__/ | http://wsrx.wsr.ac.at/~hjp/ | on bugtraq 1999-04-20
PGP signature
