[21424] in bugtraq


Re: Messenger/Hotmail passwords at risk

daemon@ATHENA.MIT.EDU (Jeffrey W. Baker)
Mon Jul 9 21:19:12 2001

Date: Mon, 9 Jul 2001 12:32:54 -0700 (PDT)
From: "Jeffrey W. Baker" <jwbaker@acm.org>
To: gregory duchemin <c3rb3r@hotmail.com>
Cc: <BUGTRAQ@securityfocus.com>
In-Reply-To: <F7416xsoIIzQtO9vXLs000040f6@hotmail.com>
Message-ID: <Pine.LNX.4.33.0107091227380.31901-100000@heat.gghcwest.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII



On Fri, 6 Jul 2001, gregory duchemin wrote:

> hi bugtraqers,
>
>
> Background
> ==========
>
> I sent the following advisory to Microsoft about a month ago, and since
> then I did not get any reply. The problem described below is still
> working on the latest MSN client version currently available.
> A bug in the Hotmail Messenger cryptographic system may allow the
> recovery of millions of hotmail mailboxes' passwords.

Uh huh.  So you are saying that, given MD5(password), password may be
recovered by brute force.  And this is new/interesting in what way?  You
can brute force ANY_FUNCTION(password) in exactly the same way.

The password is a secret key, and its length is important.

> say user toto has a password "titan"
> then his client generates the string "yyyyyyyyy.yyyyyyyyytitan" and the
> corresponding MD5 hash, say xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
> the client sends MD5(yyyyyyyyy.yyyyyyyyytitan) on the wire.
>
> Problem
> =======
>
> by sniffing the wire, a malicious user can obviously retrieve the
> scrambler string and the final hash. then he can start a bruteforce
> session trying all password combinations with the same scrambler
> prepended and comparing the resulting hash with the one he previously
> sniffed. (an exhaustive attack)

Wow if you are worried about that I suggest you have a good long look at
the SMB protocol!

-jwb
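The exchange the thread argues about, as an added example that is not part of either post: the client computes MD5(scrambler + password), the server recomputes it, and the only thing the public scrambler buys is replay resistance. The cost of guessing the sniffed pair offline depends solely on password length and alphabet, which is Baker's point. The scrambler value and the guess-rate figure are constructed for illustration, not real MSN values.

```python
import hashlib

# Constructed scrambler in the shape the post describes; not a real MSN challenge.
SCRAMBLER = "yyyyyyyyy.yyyyyyyyy"


def messenger_response(scrambler: str, password: str) -> str:
    """Client side: the scrambler is prepended to the password and the
    MD5 digest of the concatenation is what goes on the wire."""
    return hashlib.md5((scrambler + password).encode("ascii")).hexdigest()


def server_verify(scrambler: str, response: str, stored_password: str) -> bool:
    """Server side: recompute from the password it holds and compare.
    A fresh scrambler per login stops replay of an old response; it does
    not hide the password from anyone who captured both values."""
    return messenger_response(scrambler, stored_password) == response


def offline_guesses(password_length: int, alphabet_size: int) -> int:
    """Worst-case number of MD5 evaluations needed to exhaust the password
    space for a sniffed (scrambler, response) pair. The scrambler is known
    to the sniffer, so it contributes nothing to this count."""
    return alphabet_size ** password_length


def seconds_to_exhaust(password_length: int, alphabet_size: int,
                       md5_per_second: float) -> float:
    """Wall-clock cost of that exhaustive search at a given hash rate."""
    return offline_guesses(password_length, alphabet_size) / md5_per_second


if __name__ == "__main__":
    resp = messenger_response(SCRAMBLER, "titan")
    print("on the wire:", resp)
    print("verifies:", server_verify(SCRAMBLER, resp, "titan"))
    # Assumed 10 million MD5/s, a made-up rate for comparison only.
    for length, alpha in ((5, 26), (8, 62), (14, 95)):
        print(f"{length} chars over {alpha} symbols: "
              f"{seconds_to_exhaust(length, alpha, 1e7):.3g} s worst case")
```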

