Full Disclosure mailing list archives
Re: Google Desktop Search
From: Andrew Farmer <andfarm () teknovis com>
Date: Wed, 20 Oct 2004 10:48:51 -0700
On 16 Oct 2004, at 13:51, rem wrote:
What is the added benefit of sending MD5 hashes instead of plain-text passwords? I mean, the MD5 hash will be the same for the same password, isn't it?I hope that Yahoo has implemented something more complicated that that, otherwise it is plain pointless.
Take a closer look at how it's being used. The client isn't just sending a MD5 hash of the password -- there's a challenge/response system being used.
Attachment:
PGP.sig
Description: This is a digitally signed message part
Current thread:
- Re: Google Desktop Search, (continued)
- Re: Google Desktop Search Mary Landesman (Oct 15)
- Re: Google Desktop Search Exibar (Oct 15)
- Re: Google Desktop Search mike (Oct 15)
- Re: Google Desktop Search Mary Landesman (Oct 15)
- Re: Google Desktop Search bipin gautam (Oct 15)
- Re: Google Desktop Search Dave King (Oct 15)
- Re: Google Desktop Search mike (Oct 15)
- Re: Google Desktop Search Dave King (Oct 15)
- Re: Google Desktop Search rem (Oct 16)
- Re: Google Desktop Search yahoo@localhost (Oct 16)
- Re: Google Desktop Search mike (Oct 16)
- Re: Google Desktop Search Andrew Farmer (Oct 20)
- Re: Google Desktop Search mike (Oct 15)
- Re: Google Desktop Search xploitable (Oct 15)
- Re: Google Desktop Search James Tucker (Oct 15)
- Re: Google Desktop Search Etaoin Shrdlu (Oct 15)
- Re: Google Desktop Search Rodrigo Barbosa (Oct 15)