[10977] in bugtraq
Re: MS Chap v2 analysis
daemon@ATHENA.MIT.EDU (Peter J. Holzer)
Fri Jul 9 02:28:11 1999
Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: multipart/signed; boundary=da4uJneut+ArUgXk; micalg=pgp-md5;
protocol="application/pgp-signature"
Message-Id: <19990708114118.C15635@wsr.ac.at>
Date: Thu, 8 Jul 1999 11:41:18 +0200
Reply-To: "Peter J. Holzer" <hjp@WSR.AC.AT>
From: "Peter J. Holzer" <hjp@WSR.AC.AT>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <179AA48D1741D211821700805FFE2418018714D1@HQMAIL02>; from Burton
Rosenberg on Wed, Jul 07, 1999 at 06:15:37PM -0400
--da4uJneut+ArUgXk
Content-Type: text/plain; charset=us-ascii
On 1999-07-07 18:15:37 -0400, Burton Rosenberg wrote:
> the parallel structure of generating the challenge
> response (function ChallengeResponse() in
> www.ietf.org/internet-drafts/draft-ietf-pppext-mschap-v2-03.tex) cuts
> down the strength of the PasswordHash from 16 to 14 bytes.
7 Bytes. If you compute DES_X(C) for all 2^56 values of X, you will
discover both P1 and P2 (and P3, too, of course).
hp
--
_ | Peter J. Holzer | Where do you want your keys
|_|_) | Sysadmin WSR / Obmann LUGA | to go today?
| | | hjp@wsr.ac.at | -- Tom Perrine <tep@SDSC.EDU>
__/ | http://wsrx.wsr.ac.at/~hjp/ | on bugtraq 1999-04-20
--da4uJneut+ArUgXk
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
iQDQAwUBN4RyPlLjemazOuKpAQFO2AXTBvylEDDMYzGF2eyYd1DwO3Gs6snWKptA
+xBA1NHkIjfZTOzYsDorC7Bs7fmu9fmVBffY8mMCPytZzKc/5e7DmDQPFq09zm/W
rh1R8VAXh1MJVxG6SHXknAIIWgdlsoZG+mSRK6bIPjzGXyfz5wsHxS/CECAk32qa
7GhxyX8LUVZu1u+RwrkLd7BVh2OTud9bQE11JqQbq9JlZ9kz3WX7TYUQngiYaQP4
iHuJ+b5T38goEamL9euf4HnqCQ==
=uIms
-----END PGP SIGNATURE-----
--da4uJneut+ArUgXk--
