Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: John Madden (maddenj_at_skynet.ie)
Date: Tue Aug 27 2002 - 18:54:38 CDT
On (27/08/02 22:10), Jeremy didst pronounce:
> Well, to do a test I fired up ethereal and captured a session of me logging into a new yahoo account. What kind of suprised me is the password looks encrypted. My first guess was it was just base 64 mime encoded but that turned out to be wrong. Does anyone have any idea on how they encrypt their passwords or have any tools that will try and crack the passwords.
I remember trying that here using arpspoof and dsniff. It captured the
URL that was being used. From what I remember, the password was MD5
encrypted, and it said so in the URL. But, that said, there's no need to
decrypt the password. Just paste that URL into your browser and it'll
bring you directly into the persons yahoo email account.
> My other question is if the passwords are encrypted why do they offer a secure login option? How does that increase security, other than adding a brief ssl session.
I think I already covered this above -- because you don't need to know
the password to log into their email account, you only need the URL that
-- Chat ya later,
John. -- BOFH excuse #157: Incorrect time syncronization