From: Lee Fisher <leefi@microsoft.com>
To: “‘cypherpunks@toad.com>
Message Hash: 1bf55ebe337121aaf23ff153aad8ab61a226ac25d9f8caaca45b7bca5c42f33f
Message ID: <c=US%a=%p=msft%l=RED-09-MSG-960425205348Z-73431@tide19.microsoft.com>
Reply To: _N/A
UTC Datetime: 1996-04-25 20:55:46 UTC
Raw Date: Thu, 25 Apr 1996 13:55:46 -0700 (PDT)
From: Lee Fisher <leefi@microsoft.com>
Date: Thu, 25 Apr 1996 13:55:46 -0700 (PDT)
To: "'cypherpunks@toad.com>
Subject: Re: Hack MSN anyone?
Message-ID: <c=US%a=_%p=msft%l=RED-09-MSG-960425205348Z-73431@tide19.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain
I was curious about the below message, and checked...
MSN uses CHAP (PPP's challenge-response handshake) for network layer
authetication, and NTLM (Windows NT's challenge-response handshake) for
application-layer authentication. The password is never sent in across
the network. Challenge-responses encrypted with the password are sent.
Lee Fisher
| The names have been changed to protect the innocent...
| I need say no more I'm sure.
|
|| Yes, windows95 dialup networking uses compression to send the
password
|| when connecting. Thanks for using the Microsoft Network
||
||| Problem Description: Microsoft being security conscious and all, I
||| would hope that when I connect to MSN over the Internet, that my MSN
||| client has the decency to ENCRYPT my password when it sends it over
the
||| net, yes? This is the first time I couldn't get through to a
dial-up
||| connection and had to access MSN using my ISP. Having done so, I
find
||| it extrememly convenient, and would like to continue to do so.
Thanks.
Return to April 1996
Return to “Rich Graves <llurch@networking.stanford.edu>”