On Fri, 6 Jul 2001, gregory duchemin wrote:
> hi bugtraqers,
>
>
> Background
> ==========
>
> i sent the following advisory to Microsoft there is about 1 month of
> that, and since i did not get any reply. The problem described below
> is still working on the latest MSN client version currently available.
> A bug in the Hotmail Messenger cryptographic system may allow the
> recovery of millions of hotmail mailboxes's password.
Uh huh. So you are saying that, given MD5(password), password may be
recovered by brute force. And this is new/interesting in what way? You
can brute force ANY_FUNCTION(password) in exactly the same way.
The password is a secret key, and its length is important.
> say user toto has a password "titan"
> then his client generate the string "yyyyyyyyy.yyyyyyyyytitan" and the
> according MD5 hash, say xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
> the client send MD5(yyyyyyyyy.yyyyyyyyytitan) on the wire.
>
> Problem
> =======
>
> by sniffing the wire, a malicious user can obviously retrieve the
> scrambler string and the final hash. then he can start a bruteforce
> session trying all password combinaisons with the same scrambler
> prepended and comparing the resulting hash with this he previously
> sniffed. (an exhaustive attack)
Wow if you are worried about that I suggest you have a good long look at
the SMB protocol!
-jwb
