
Re: [Full-Disclosure] Google Desktop Search



What is the added benefit of sending MD5 hashes instead of plain-text passwords? I mean, the MD5 hash will be the same for the same password, won't it?

I hope that Yahoo has implemented something more complicated than that, otherwise it is plain pointless.

-- rem.

mike@xxxxxxxxxxxx wrote:
Read the javascript in the headers of Yahoo's login page:

<-- Begin javascript comments from Yahoo -->
/*
 * A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
 * Digest Algorithm, as defined in RFC 1321.
 * Copyright (C) Paul Johnston 1999 - 2000.
 * Updated by Greg Holt 2000 - 2001.
 * See http://pajhome.org.uk/site/legal.html for details.
 */

<-- End Javascript comments from Yahoo -->

THEY don't even cache, or pass, your password. Like all secure programs,
they store, and transmit, an MD5 Sum.

_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
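
The point raised in the reply above, as an added example that is not part of the original thread and is not Yahoo's code: a fixed MD5 of the password is accepted whenever it is resent, while a response bound to a single-use server challenge is not. The function names, the challenge design and the sample password are assumptions made for illustration.

```javascript
// Added example; names and sample values are constructed, not Yahoo's code.
const crypto = require('node:crypto');
const md5 = (s) => crypto.createHash('md5').update(s, 'utf8').digest('hex');

// Scheme A: the client sends MD5(password) and the server compares it.
function staticLogin(storedHash, submitted) {
  return submitted === storedHash;
}

// Scheme B (assumed design): a random, single-use challenge per login attempt.
class ChallengeServer {
  constructor(storedHash) {
    this.storedHash = storedHash;
    this.pending = new Set();
  }
  issueChallenge() {
    const c = crypto.randomBytes(16).toString('hex');
    this.pending.add(c);
    return c;
  }
  verify(challenge, response) {
    if (!this.pending.delete(challenge)) return false; // unknown or already used
    const expected = Buffer.from(md5(this.storedHash + challenge));
    const got = Buffer.from(String(response));
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  }
}

function demo() {
  const password = 'constructed-sample-password';
  const stored = md5(password);

  // Scheme A: the value on the wire is identical at every login,
  // so a recorded copy works exactly like the password itself.
  const wireA = md5(password);
  const sameEveryLogin = wireA === md5(password);
  const replayA = staticLogin(stored, wireA);

  // Scheme B: the value on the wire depends on the server's challenge.
  const server = new ChallengeServer(stored);
  const c1 = server.issueChallenge();
  const wireB = md5(md5(password) + c1);
  const legit = server.verify(c1, wireB);           // first use: accepted
  const replaySame = server.verify(c1, wireB);      // challenge already consumed
  const replayNew = server.verify(server.issueChallenge(), wireB); // wrong challenge
  return { sameEveryLogin, replayA, legit, replaySame, replayNew };
}
```

Even in the challenge variant the hash stored on the server remains a password equivalent, and MD5 is fast enough that a recorded challenge and response pair can be tested against guessed passwords offline, so the exchange still belongs inside TLS.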