<< Previous Message Main Index Next Message >>
<< Previous Message in Thread This Month Next Message in Thread >>
Date   : Wed, 02 Nov 2011 20:17:25 +0000
From   : philb@... (Phil Blundell)
Subject: Request for Help - Security Research Project

On Wed, 2011-11-02 at 20:57 +0100, Chris Johns wrote:
> I think the SJ servers had *login which encrypted the password on the
> wire.

They did (or *LOGON maybe) though I think at least the early versions
didn't do a very good job of the encryption.  If I remember right the
algorithm was something along the lines of "ask the server for an
encryption key, hash the password, XOR it with the key, and send the
result".  So, although you couldn't actually recover the password from
the wire traffic, you could recover the hash which was just as good as
the password for the purpose of logging on.

I have a feeling the algorithm was improved sometime around MDFS 1.00
but I'm not certain about that.

p.
<< Previous Message Main Index Next Message >>
<< Previous Message in Thread This Month Next Message in Thread >>