[21440] in bugtraq
Re: Messenger/Hotmail passwords at risk
daemon@ATHENA.MIT.EDU (Pavel Kankovsky)
Tue Jul 10 10:51:50 2001
Date: Tue, 10 Jul 2001 10:41:19 +0200 (MET DST)
From: Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
To: BUGTRAQ@securityfocus.com
In-Reply-To: <Pine.LNX.4.33.0107091227380.31901-100000@heat.gghcwest.com>
Message-ID: <20010710095634.71E4.0@argo.troja.mff.cuni.cz>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Mon, 9 Jul 2001, Jeffrey W. Baker wrote:
> Uh huh. So you are saying that, given MD5(password), password may be
> recovered by brute force. And this is new/interesting in what way?
The interesting thing is he can (allegedly) do it at 2.5e6 tries/second on
an affordable machine. Being able to exhaust all combinations of 8 digits
and lowercase letters within 2 weeks makes such an attack much more
practical.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
