[Evolution-hackers] Security vulnerability in APOP authentication

2007-03-29 Thread Gaëtan LEURENT
Hello, I found a security vulnerability in the APOP authentication. It is related to recent collision attacks by Wang and al. against MD5. The basic idea is to craft a pair of message-ids that will collide in the APOP hash if the password begins in a specified way. So the attacker would

[Evolution-hackers] Security vulnerability in APOP authentication

2007-03-17 Thread Gaëtan LEURENT
Hello, I found a security vulnerability in the APOP authentication. It is related to recent collision attacks by Wang and al. against MD5. The basic idea is to craft a pair of message-ids that will collide in the APOP hash if the password begins in a specified way. So the attacker would