Tweet
Apparently, AOL has a 16 character password field which ignores the last 8 characters you enter:
http://blog.washingtonpost.com/secur...l?nav=rss_blog
BRILLIANT!
http://blog.washingtonpost.com/secur...l?nav=rss_blog
BRILLIANT!
-
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
[ redacted ] -
Re: AOL, that paragon of security
Well, they have tried to position themselves as competition with Microsoft, and MS had that backwards compatability for NT LANMan and their SMB auth by breaking a password into 2 parts for processing them separately with case insensitivity for bonus points.Originally posted by bascule View Post
Maybe AOL is trying to outdo Microsoft.
(heh heh) -
Re: AOL, that paragon of security
vnc auth anyone? That's ok.. I'm sure its statistically difficult to crack 8 character passwords with mainframe quality gaming consoles, open wireless nodes, and a plague of broadband connectivity that would make any accoustic coupler squirt a drop...if it gets me nowhere, I'll go there proud; and I'm gonna go there free.Comment
-
Re: AOL, that paragon of security
Best quote:
Stating the obvious, but tends to make up for his sillier comments last week."Truncating the password at eight characters is a big deal, and there's no excuse for any company in today's world to be doing that," Schneier said. "Especially because AOL has...shall we say, some less sophisticated users."\x74\x68\x65\x70\x72\x65\x7a\x39\x38";Comment
Comment