Security Basics mailing list archives
Re: Hotmail sign-in through Outlook Express -- clear-text?
From: James Fields <jvfields () tds net>
Date: 06 Jun 2003 13:46:28 -0400
On Fri, 2003-06-06 at 04:37, Anders Reed Mohn wrote:
I'm not very experienced in this, so I'd like to know if I missed something. Once before, I've seen people claim that it passwords (for VNC) were sent in clear text, but I couldn't see them then either. I use Ethereal for packet captures.
The reason you can't see VNC passwords in a sniffer is they are never actually sent across the wire. They are used as an encryption key. The server sends a randomly generated string of data and the client encrypts it with the password and sends it back (or the reverse, can't remember). Only the random string in question ever goes over the wire during authentication. -- ------------ James V. Fields --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Hotmail sign-in through Outlook Express -- clear-text? Anders Reed Mohn (Jun 06)
- Re: Hotmail sign-in through Outlook Express -- clear-text? James Fields (Jun 06)
- <Possible follow-ups>
- Re: Hotmail sign-in through Outlook Express -- clear-text? SVater (Jun 06)
- Re: Hotmail sign-in through Outlook Express -- clear-text? Anders Reed Mohn (Jun 10)