[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Google Desktop Search

To: rem <rem@xxxxxxxxxx>
Subject: Re: [Full-Disclosure] Google Desktop Search
From: Andrew Farmer <andfarm@xxxxxxxxxxxx>
Date: Wed, 20 Oct 2004 10:48:51 -0700

On 16 Oct 2004, at 13:51, rem wrote:

What is the added benefit of sending MD5 hashes instead of plain-text passwords? I mean, the MD5 hash will be the same for the same password, isn't it?

I hope that Yahoo has implemented something more complicated that that, otherwise it is plain pointless.

Take a closer look at how it's being used. The client isn't just sending a MD5 hash of the password -- there's a challenge/response system being used.

Attachment: PGP.sig
Description: This is a digitally signed message part

References:
- [Full-Disclosure] Google Desktop Search
  - From: DogoBrazil
- Re: [Full-Disclosure] Google Desktop Search
  - From: Dave King
- Re: [Full-Disclosure] Google Desktop Search
  - From: mike
- Re: [Full-Disclosure] Google Desktop Search
  - From: rem

Prev by Date: Re: [Full-Disclosure] interesting trojan found
Next by Date: Re: [Full-Disclosure] RE: How to Break Windows XP SP2 + Internet Explorer 6 SP2
Previous by thread: Re: [Full-Disclosure] Google Desktop Search
Next by thread: RE: [Full-Disclosure] Google Desktop Search
Index(es):
- Date
- Thread