>>All your questions about this particular username/password combo are
>>related to Yahoo!. How it's hashed, when, etc. are all things dictated by
>>how Yahoo! wrote their web pages. Not being a user of their service, I
>>cannot comment. POP user/pass data should go by in the clear, for example.

I'm a user of Yahoo! service and I'm just a bit nervous.. all these "what-Ifs"
As I mentioned, I'm not gonna check my ISP POP mail using wifi. Definitely a No-No.

>>How it's hashed,

That's the thing. How does my PC know which algo to use to hash the password, if it's client-side processing? I don't believe there's javascript or something..

Oh well.. Until I know enough, I doubt I'm gonna trust using webmail like Yahoo. Anyone know how to encapsulate yahoo mail or any other webmail with SSH?

>>I check mail using webmail over SSL, typically Squirrelmail which is my
>>favorite. That way I know my data goes over the Internet strongly encrypted.

I take it that it's safe cause you implemented it. Since as the Mini-howto states, you can run through ssh but need to be certain that the other end also is running sshd. (which I can't control)

>>Don't worry too much about it... there are no hard-and-fast rules (although
>>I think "short, sweet, and to the point" comes close to being a rule, IMHO).

Actually I do worry quite a lot.. Since I want to be in the good graces of the community..

So.. If anyone has an answer to how someone could get the login/pass combo.. do let me know.. (unless it's proven that there is no way..)

Cheers,
   .^.    Mun Heng, Ow
   /V\    H/M Engineering
  /( )\   Western Digital M'sia
  ^^-^^   DID : 03-7870 5168
The Linux Advocate

-----Original Message-----
From: Rodolfo J. Paiz [mailto:rpaiz@xxxxxxxxxxxxxx]
Sent: Monday, October 13, 2003 2:52 PM
To: shrike-list@xxxxxxxxxx
Subject: RE: WiFi + web based Login + Sniffer + Security

At 00:32 10/13/2003, you wrote:
>AFAIK / can tell, I can see the username from ethereal capture, but as I
>mentioned, the password is hashed or something.

All your questions about this particular username/password combo are related to Yahoo!. How it's hashed, when, etc. are all things dictated by how Yahoo! wrote their web pages. Not being a user of their service, I cannot comment. POP user/pass data should go by in the clear, for example.

>So.. basically, the login name will be visible, and the password will be
>hashed. How easy would it be to decode the hash? What sort of algo does it
>use to hash it? What stipulates whether it uses MD5/blowfish etc..etc..
>(frankly I have no idea, just throwing out some algo I know/heard about)

All Yahoo!-specific questions in this case.

>SSH tunnel is okay for implementation for my home, but for a public
>eg:T-Mobile hotspot, how would one go about it? Don't check pop mail there??

In any case where I'm not at my own computer, I check mail using webmail over SSL, typically Squirrelmail which is my favorite. That way I know my data goes over the Internet strongly encrypted.

> >>Thanks for trimming; much easier this time to write back and much easier
>to
>
>Actually, I thought that cutting and pasting whatever I was replying to was
>adequate. So.. I guess it's not.. :)

Basically it is... I don't mean to make things sound like there is One Right Way to do things. In effect, a Linux saying: TIMTOWTDI means to remember that "There Is More Than One Way To Do It" usually.

If you keep text from earlier messages that helps provide context, that's OK. If you delete unnecessary text from earlier messages, that's great. You are sort of expected not to leave four or five list signatures lying around the bottom of your message. It's all basically about common sense and making your messages easier to read (which means more people will read them and you will have more of a chance that someone will answer them).

It is also about courtesy to others since many people still pay for traffic and many connect on dial-up.
This means that every extra line you leave in costs someone money, and costs everyone time. Wasting everyone's time and money is not a nice thing to do, which is why you see people who repost an entire digest getting flamed hard.

Don't worry too much about it... there are no hard-and-fast rules (although I think "short, sweet, and to the point" comes close to being a rule, IMHO).

--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx

--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list