Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Google Desktop Search
From: Andrew Farmer <andfarm () teknovis com>
Date: Wed, 20 Oct 2004 10:48:51 -0700

On 16 Oct 2004, at 13:51, rem wrote:
What is the added benefit of sending MD5 hashes instead of plain-text passwords? I mean, the MD5 hash will be the same for the same password, isn't it?

I hope that Yahoo has implemented something more complicated that that, otherwise it is plain pointless.

Take a closer look at how it's being used. The client isn't just sending a MD5 hash of the password -- there's a challenge/response system being used.

Attachment: PGP.sig
Description: This is a digitally signed message part

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]