mailing list archives
Re: Google Desktop Search
From: mike () ampeisch com
Date: Sat, 16 Oct 2004 20:24:53 -0400 (EDT)
Not necessarily -- that's what "salt" characters are for in crypto. Check
out "Applied Cryptography". The added value is that if you have the plain
text password, you have the password, if you have the hash, you still have
to crack it, or BF it. MD5sum is one of the methods that Unix/Linux use
for OS password storage. What Yahoo is doing isn't perfect, but it's a
damn site better than pointless.
What is the added benefit of sending MD5 hashes instead of plain-text
passwords? I mean, the MD5 hash will be the same for the same password,
I hope that Yahoo has implemented something more complicated that that,
otherwise it is plain pointless.
mike () ampeisch com wrote:
* Digest Algorithm, as defined in RFC 1321.
* Copyright (C) Paul Johnston 1999 - 2000.
* Updated by Greg Holt 2000 - 2001.
* See http://pajhome.org.uk/site/legal.html for details.
THEY don't even cache, or pass, your password. Like all secure programs,
they store, and transmit, an MD5 Sum.
Full-Disclosure - We believe in it.
Google Desktop Search Dogo (Oct 15)
RE: Google Desktop Search DAN MORRILL (Oct 15)