Full Disclosure mailing list archives

Re: Google Desktop Search

From: Andrew Farmer <andfarm () teknovis com>
Date: Wed, 20 Oct 2004 10:48:51 -0700

On 16 Oct 2004, at 13:51, rem wrote:

What is the added benefit of sending MD5 hashes instead of plain-textpasswords? I mean, the MD5 hash will be the same for the samepassword, isn't it?
I hope that Yahoo has implemented something more complicated thatthat, otherwise it is plain pointless.

Take a closer look at how it's being used. The client isn't justsending a MD5 hash of the password -- there's a challenge/responsesystem being used.

Attachment: PGP.sig
Description: This is a digitally signed message part

Current thread:

Re: Google Desktop Search, (continued)
- - Re: Google Desktop Search Mary Landesman (Oct 15)
    - Re: Google Desktop Search Exibar (Oct 15)
    - Re: Google Desktop Search mike (Oct 15)
  - Re: Google Desktop Search bipin gautam (Oct 15)
- Re: Google Desktop Search Dave King (Oct 15)
  - Re: Google Desktop Search mike (Oct 15)
    - Re: Google Desktop Search Dave King (Oct 15)
    - Re: Google Desktop Search rem (Oct 16)
    - Re: Google Desktop Search yahoo@localhost (Oct 16)
    - Re: Google Desktop Search mike (Oct 16)
    - Re: Google Desktop Search Andrew Farmer (Oct 20)
- Google Desktop Search Dogo (Oct 15)
  - Re: Google Desktop Search xploitable (Oct 15)
    - Re: Google Desktop Search James Tucker (Oct 15)
  - Re: Google Desktop Search Etaoin Shrdlu (Oct 15)
- RE: Google Desktop Search DAN MORRILL (Oct 15)
  - Re: Google Desktop Search Rodrigo Barbosa (Oct 15)