Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Deal of the Day - Pay What You Want for the Learn to Code Bundle, includes AngularJS, Python, HTML5, Ruby, and more. ×

Submission + - AIM6 gives passwords to crackers on silver platter

imunfair writes: "I've been playing around with AIM6/Triton, and managed to replicate their login sequence — it's extremely insecure and I would suggest avoiding it at all costs. Also of note, the AIM6 passwords are stored encoded in the registry under:

HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords

Yes, that's right, I said the password is encoded/encrypted there is no hashing involved so it is possible to extract plaintext passwords from the registry! I'm still working on figuring out how it is encoded/encrypted, but I should say it is definitely a block encryption, working on 8 byte blocks. Possibly DES. The whole thing is prefaced with 8 bytes which are not part of the password, and the whole shebang is then base64 encoded and placed in your registry for anyone to grab and decrypt."

The easiest way to figure the cost of living is to take your income and add ten percent.