Re: Messenger/Hotmail passwords at risk

2001-07-09 Thread aleph1
The MSN Messenger Service 1.0 Protocol draft can be found at http://msn-transport.sourceforge.net/messenger-protocol.txt

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum

Re: Messenger/Hotmail passwords at risk

2001-07-09 Thread Peter van Dijk
On Fri, Jul 06, 2001 at 09:32:36PM -, gregory duchemin wrote:
[snip]
> the hash creation process is as follows:
> ==
>
> say user toto has a password "titan"
> then his client generates the string "y.ytitan" and the
> according MD5 hash, say

Re: Messenger/Hotmail passwords at risk

2001-07-09 Thread Jeffrey W. Baker
On Fri, 6 Jul 2001, gregory duchemin wrote:
> hi bugtraqers,
>
>
> Background
> ==
>
> i sent the following advisory to Microsoft there is about 1 month of
> that, and since i did not get any reply. The problem described below
> is still working on the latest MSN client version currentl

Re: Messenger/Hotmail passwords at risk

2001-07-10 Thread Pavel Kankovsky
On Mon, 9 Jul 2001, Jeffrey W. Baker wrote:
> Uh huh. So you are saying that, given MD5(password), password may be
> recovered by brute force. And this is new/interesting in what way?

The interesting thing is he can (allegedly) do it at 2.5e6 tries/second on an affordable machine. Being able t

Re: Messenger/Hotmail passwords at risk

2001-07-15 Thread Gaurav Agarwal
> On Mon, 9 Jul 2001, Jeffrey W. Baker wrote:
>
> > Uh huh. So you are saying that, given MD5(password), password may be
> > recovered by brute force. And this is new/interesting in what way?
>
> The interesting thing is he can (allegedly) do it at 2.5e6 tries/second on
> an affordable machine

Re: Messenger/Hotmail passwords at risk

2001-07-15 Thread Ishikawa
(I am re-sending this after minor editing since I am not sure if this went out or has been accepted/rejected after I switched my subscription e-mail address.)

From the discussion, I think some readers missed the point of the original poster. Using "||" as string concatenation operator, it seems th

Re: Messenger/Hotmail passwords at risk

2001-07-16 Thread Martin Macok
On Wed, Jul 11, 2001 at 09:56:29AM +0530, Gaurav Agarwal wrote:
> > > Uh huh. So you are saying that, given MD5(password), password
> > > may be recovered by brute force. And this is new/interesting in
> > > what way?
> >
> > The interesting thing is he can (allegedly) do it at 2.5e6
> > tries/s

RE: Messenger/Hotmail passwords at risk

2001-07-16 Thread Michael Wojcik
> -----Original Message-----
> From: Ishikawa [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 12, 2001 11:50 AM
> From the discussion, I think some readers missed
> the point of the original poster.
> Using "||" as string concatenation operator, it seems that
>
> MD5 (given-long-string || s

Re: Messenger/Hotmail passwords at risk

2001-07-16 Thread gregory duchemin
hello

>The claim that he makes is surely interesting. I tried running the md5crack
>on my system which is a linux6.1 Intel pentium 3 733 MHz and I was able to
>get around 1/100 of what he claims. Although he uses a 1GHz AMD can the
>performances be so different ???

try without -v/-V (verbose),

Re: Messenger/Hotmail passwords at risk

2001-07-16 Thread Mark
> The simplest of these, in terms of retrofitting existing systems that use
> one of the constructions Ishikawa mentions, is
>
> H(password || H(password || known-string))

Which is very close to CRAM-MD5. That uses:

H( (password XOR 0x5C) || H( (password XOR 0x36) || challenge-str