1995-12-10 - Re: Windows .PWL cracker implemented as a Word Basic virus

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: dan@milliways.org (Dan Bailey)
Message Hash: 85a085b52600297fad2382b303f6dfad0c449a61da1cda1da9a5171590dc485f
Message ID: <199512102214.RAA22512@jekyll.piermont.com>
Reply To: <199512090547.FAA21624@pop01.ny.us.ibm.net>
UTC Datetime: 1995-12-10 22:14:35 UTC
Raw Date: Sun, 10 Dec 95 14:14:35 PST

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 10 Dec 95 14:14:35 PST
To: dan@milliways.org (Dan Bailey)
Subject: Re: Windows .PWL cracker implemented as a Word Basic virus
In-Reply-To: <199512090547.FAA21624@pop01.ny.us.ibm.net>
Message-ID: <199512102214.RAA22512@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Dan Bailey writes:
> No, but they're doing something that makes me very uncomfortable:  As
> I read this, they're hashing the password and some other user
> information using MD4 then doing some proprietary permutations on
> that.  Given their record with security, I'd rather they used straight
> MD4, rather than throwing in something that we can't analyze.

MD4 has been broken. I thought that was common knowledge. MD5 is still
safe, of course.

Perry





Thread