[12997] in bugtraq
Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords")
daemon@ATHENA.MIT.EDU (John Viega)
Thu Dec 16 19:52:27 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19991216100033.H30329@viega.org>
Date: Thu, 16 Dec 1999 10:00:33 -0800
Reply-To: viega-palm@list.org
From: John Viega <John@LIST.ORG>
X-To: vanja@siamrelay.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <38584964.DF181019@relaygroup.com>; from Vanja Hrustic on Thu,
Dec 16, 1999 at 09:07:32AM +0700
Hopefully my last email answered your questions, but I will summarize
the relevant points if not:
1) The post you mentioned, their crack doesn't work on recent versions
of Windows Netscape, which is what we broke. These versions use a
much more complex algorithm, which is still very lame.
2) We were unaware of the previous work, and Netscape didn't say "hey,
someone did this before" when we notified them. In fact, they
definitely reacted as if they knew the problem was there, but hoped no
one would ever bother to exploit it.
John
On Thu, Dec 16, 1999 at 09:07:32AM +0700, Vanja Hrustic wrote:
> I was bit confused with this link (
> http://www.rstcorp.com/news/bad-crypto-tech.html ), since I am not quite
> clear if these guys are just reinventing the wheel, or have found
> something new.
>
> Message at:
> http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-04-15&msg=370D20EF.BE1A63A@vt.edu
>
> containts the information which (as much as I can see) does the same
> thing which guys from RST are mentioning. The messages dates from April
> '99.
>
> Is this just another "Lets get some media attention" thing, or I have
> missed some important point?
>
> Thanks.
>
> --
>
> Vanja Hrustic
> The Relay Group
> http://relaygroup.com
> Technology Ahead of Time
