Re: Messenger/Hotmail passwords at risk

[Mark]

> The simplest of these, in terms of retrofitting existing systems that use
> one of the constructions Ishikawa mentions, is
> 
>       H(password || H(password || known-string))

Which is very close to CRAM-MD5. That uses:

        H( (password XOR 0x5C) || H( (password XOR 0x36) || challenge-string));


Regards.