Re: MSN traffic encryption?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


MSN use MD5 for password encryption.  Brute force could crack it.  T

On Fri, 30 Aug 2002, many Lists.. wrote:

> 
> I captured this MSN traffic through sniffer
> 
> --------------
> 
> E..._...4..>@........G.a..g.r..TP.C.n:..MSG 
> Hotmail Hotmail 456..MIME-Version: 
> 1.0..Content-Type: text/x-msmsgsprofile; charset=UTF-
> 8..LoginTime: 2422994567..EmailEnabled: 
> 0..MemberIdHigh: 456425..MemberIdLow: 
> -7141621634..lang_preference: 
> 1033..preferredEmail: xxx@hotmail.com..country: 
> PK..PostalCode: 95441..Gender: u..Kid: 0..Age: 
> 201..BDayPre: 2..Birthday: 
> 54870..Wallet: 
> 0..Flags: 3457..sid: 522..kv: 4..MSPAuth: 
> 49szCH5smDWBOob5T!MPOBmAmgNb4AB5Ur6DPzdsJqeO!
> kDsgfuiBy98Rrpv!
> vUQ5cvgWClzgNUb8tILK9t0yJLA$$.......
> 
> --------------------------------
> 
> If i am not wrong thatn MSPAuth: {hash} is encrypted
> sum or form of the users password.
> 
> I want to find out what encryption method it is
> because it have never seen like this one and is it
> crackable?
> 
> The reason I want to know is that, this information
> could be used in penetration testing practices too,
> and if this password is uncrackable yet or the
> algorithm is not yet disclosed then the risk involved
> is quiet low. However the reigon details do help one
> to try out the forget password option of hotmail page
> in order to reach the hint question portion after
> providing the correct details of country and zipcode.
> So it does expose some of the information already now
> the questions is about the encryption used for MSN.
> 
> And if i want to find out the encryption involved in
> it, it does not make me a cracker or does it? mr
> moderator? so please allow this post
> thank you
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Finance - Get real-time stock quotes
> http://finance.yahoo.com
> ------------------------------------------------------------------------
>      To unsubscribe email security-discuss-request@linuxsecurity.com
>          with "unsubscribe" in the subject of the message.
> 

-- 
duane

Fun reading...well for some.  8-)
http://www.linuxsecurity.com/feature_stories/feature_story-116.html
http://www.linuxsecurity.com/feature_stories/dsniff-monitoring.html -- Updated Version
http://www.linuxsecurity.com/feature_stories/feature_story-89.html
http://www.linuxsecurity.com/feature_stories/feature_story-88.html

------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux