[45117] in Cypherpunks
Re: Windows .PWL cracker implemented as a Word Basic virus
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Sun Dec 10 17:24:58 1995
To: dan@milliways.org (Dan Bailey)
Cc: cypherpunks@toad.com
In-Reply-To: Your message of "Sat, 09 Dec 1995 00:47:44 EST."
<199512090547.FAA21624@pop01.ny.us.ibm.net>
Reply-To: perry@piermont.com
Date: Sun, 10 Dec 1995 17:14:01 -0500
From: "Perry E. Metzger" <perry@piermont.com>
Dan Bailey writes:
> No, but they're doing something that makes me very uncomfortable: As
> I read this, they're hashing the password and some other user
> information using MD4 then doing some proprietary permutations on
> that. Given their record with security, I'd rather they used straight
> MD4, rather than throwing in something that we can't analyze.
MD4 has been broken. I thought that was common knowledge. MD5 is still
safe, of course.
Perry
