get applied cryptography, all your cryptographical questions will be answered, even questions you didnt know to ask. ----- Original Message ----- From: "Kevin Jenkins" <gameprogrammer@xxxxxxxxxx> To: <gameprogrammer@xxxxxxxxxxxxx> Sent: Sunday, July 18, 2004 10:24 AM Subject: [gameprogrammer] Algo to break any password? > I was thinking of this last night. It seems like a way you can beat any > password based security measure. Please tell me if I'm wrong. > > s2c: Encyrption data (nonce, public key, whatever). > c2s: Hash containing the password. > > I have a packetsniffer on a router inbetween them. > > I don't try to break the hash. Instead, I run whatever algo the client was > using to generate the hash using every possible password until our hashes > match. Short of using an algo that takes several minutes to generate a > single hash, I can run through all reasonable passwords pretty quick. If I > assume the passwords are alpha-numeric then I can do it even faster. > > So it seems like a packetsniffer can beat any security measure. Am I wrong? > > > > --------------------- > To unsubscribe go to http://gameprogrammer.com/mailinglist.html > > --------------------- To unsubscribe go to http://gameprogrammer.com/mailinglist.html