lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: rem at (rem)
Subject: Google Desktop Search

What is the added benefit of sending MD5 hashes instead of plain-text 
passwords? I mean, the MD5 hash will be the same for the same password, 
isn't it?

I hope that Yahoo has implemented something more complicated that that, 
otherwise it is plain pointless.

-- rem. wrote:
>  Read the javascript in the headers of Yahoo's login page:
> <-- Begin javascript comments from Yahoo -->
> /*
>  * A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
>  * Digest Algorithm, as defined in RFC 1321.
>  * Copyright (C) Paul Johnston 1999 - 2000.
>  * Updated by Greg Holt 2000 - 2001.
>  * See for details.
>  */
> <-- End Javascript comments from Yahoo -->
> THEY don't even cache, or pass, your password. Like all secure programs,
> they store, and transmit, an MD5 Sum. 

Powered by blists - more mailing lists