Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords")
From: John () LIST ORG (John Viega)
Date: Thu, 16 Dec 1999 10:00:33 -0800

Hopefully my last email answered your questions, but I will summarize
the relevant points if not:

1) The post you mentioned, their crack doesn't work on recent versions
of Windows Netscape, which is what we broke.  These versions use a
much more complex algorithm, which is still very lame.

2) We were unaware of the previous work, and Netscape didn't say "hey,
someone did this before" when we notified them.  In fact, they
definitely reacted as if they knew the problem was there, but hoped no
one would ever bother to exploit it.


On Thu, Dec 16, 1999 at 09:07:32AM +0700, Vanja Hrustic wrote:
I was bit confused with this link (
http://www.rstcorp.com/news/bad-crypto-tech.html ), since I am not quite
clear if these guys are just reinventing the wheel, or have found
something new.

Message at:
370D20EF.BE1A63A () vt 
edu">http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-04-15&msg=370D20EF.BE1A63A () vt edu</A>

containts the information which (as much as I can see) does the same
thing which guys from RST are mentioning. The messages dates from April

Is this just another "Lets get some media attention" thing, or I have
missed some important point?



Vanja Hrustic
The Relay Group
Technology Ahead of Time

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]