Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

Re: Google Desktop Search
From: rem <rem () fabrika lv>
Date: Sat, 16 Oct 2004 23:51:58 +0300
What is the added benefit of sending MD5 hashes instead of plain-text passwords? I mean, the MD5 hash will be the same for the same password, isn't it?
I hope that Yahoo has implemented something more complicated that that, otherwise it is plain pointless. 

-- rem.

mike () ampeisch com wrote:

 Read the javascript in the headers of Yahoo's login page:

<-- Begin javascript comments from Yahoo -->
/*
 * A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
 * Digest Algorithm, as defined in RFC 1321.
 * Copyright (C) Paul Johnston 1999 - 2000.
 * Updated by Greg Holt 2000 - 2001.
 * See http://pajhome.org.uk/site/legal.html for details.
 */

<-- End Javascript comments from Yahoo -->

THEY don't even cache, or pass, your password. Like all secure programs,
they store, and transmit, an MD5 Sum. 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]