| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: andfarm at teknovis.com (Andrew Farmer) Subject: Google Desktop Search On 16 Oct 2004, at 13:51, rem wrote: > What is the added benefit of sending MD5 hashes instead of plain-text > passwords? I mean, the MD5 hash will be the same for the same > password, isn't it? > > I hope that Yahoo has implemented something more complicated that > that, otherwise it is plain pointless. Take a closer look at how it's being used. The client isn't just sending a MD5 hash of the password -- there's a challenge/response system being used. -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041020/fdfd43fc/PGP.bin
Powered by blists - more mailing lists