I captured this MSN traffic through sniffer
--------------
E..._...4..>@........G.a..g.r..TP.C.n:..MSG
Hotmail Hotmail 456..MIME-Version:
1.0..Content-Type: text/x-msmsgsprofile; charset=UTF-
8..LoginTime: 2422994567..EmailEnabled:
0..MemberIdHigh: 456425..MemberIdLow:
-7141621634..lang_preference:
1033..preferredEmail: xxx@hotmail.com..country:
PK..PostalCode: 95441..Gender: u..Kid: 0..Age:
201..BDayPre: 2..Birthday:
54870..Wallet:
0..Flags: 3457..sid: 522..kv: 4..MSPAuth:
49szCH5smDWBOob5T!MPOBmAmgNb4AB5Ur6DPzdsJqeO!
kDsgfuiBy98Rrpv!
vUQ5cvgWClzgNUb8tILK9t0yJLA$$.......
--------------------------------
If i am not wrong thatn MSPAuth: {hash} is encrypted
sum or form of the users password.
I want to find out what encryption method it is
because it have never seen like this one and is it
crackable?
The reason I want to know is that, this information
could be used in penetration testing practices too,
and if this password is uncrackable yet or the
algorithm is not yet disclosed then the risk involved
is quiet low. However the reigon details do help one
to try out the forget password option of hotmail page
in order to reach the hint question portion after
providing the correct details of country and zipcode.
So it does expose some of the information already now
the questions is about the encryption used for MSN.
And if i want to find out the encryption involved in
it, it does not make me a cracker or does it? mr
moderator? so please allow this post
thank you
__________________________________________________
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
