From: Lee Fisher <leefi@microsoft.com>
Date: Thu, 25 Apr 1996 13:55:46 -0700 (PDT)
To: "'cypherpunks@toad.com>
Subject: Re: Hack MSN anyone?
Message-ID: <c=US%a=_%p=msft%l=RED-09-MSG-960425205348Z-73431@tide19.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


I was curious about the below message, and checked... 

MSN uses CHAP (PPP's challenge-response handshake) for network layer
authetication, and NTLM (Windows NT's challenge-response handshake) for
application-layer authentication. The password is never sent in across
the network. Challenge-responses encrypted with the password are sent.

Lee Fisher

| The names have been changed to protect the innocent...
| I need say no more I'm sure.
|
|| Yes, windows95 dialup networking uses compression to send the
password
|| when connecting. Thanks for using the Microsoft Network
||
||| Problem Description: Microsoft being security conscious and all, I
||| would hope that when I connect to MSN over the Internet, that my MSN
||| client has the decency to ENCRYPT my password when it sends it over
the
||| net,  yes?  This is the first time I couldn't get through to a
dial-up
||| connection and had to access MSN using my ISP.  Having done so, I
find
||| it extrememly convenient, and would like to continue to do so. 
Thanks.