Security

Submission: AIM6 gives passwords to crackers on silver platter

imunfair writes: "I've been playing around with AIM6/Triton, and managed to replicate their login sequence — it's extremely insecure and I would suggest avoiding it at all costs. Also of note, the AIM6 passwords are stored encoded in the registry under:

HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords

Yes, that's right, I said the password is encoded/encrypted; there is no hashing involved, so it is possible to extract plaintext passwords from the registry! I'm still working on figuring out how it is encoded/encrypted, but I should say it is definitely a block encryption, working on 8-byte blocks. Possibly DES. The whole thing is prefaced with 8 bytes which are not part of the password, and the whole shebang is then base64 encoded and placed in your registry for anyone to grab and decrypt."
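An added example, not part of the submission: a credential-storage audit check in Python that inspects stored values for the layout described above (base64, an 8-byte prefix, then 8-byte blocks) and flags them as reversibly encrypted rather than hashed, without decrypting anything. The sample values are constructed filler bytes, not real AIM6 data, and the padding scheme is unknown, so the plaintext length is reported only as a range.

```python
import base64
import binascii

PREFIX_LEN = 8  # leading bytes the post says are not part of the password
BLOCK_LEN = 8   # block size reported in the post


def inspect_blob(b64_value):
    """Split a stored value into prefix and cipher blocks; None if the layout does not fit."""
    try:
        raw = base64.b64decode(b64_value, validate=True)
    except (binascii.Error, ValueError):
        return None  # not base64
    body = raw[PREFIX_LEN:]
    if not body or len(body) % BLOCK_LEN:
        return None  # e.g. a 20-byte digest does not fit prefix + whole blocks
    n = len(body) // BLOCK_LEN
    return {
        "prefix": raw[:PREFIX_LEN],
        "blocks": [body[i:i + BLOCK_LEN] for i in range(0, len(body), BLOCK_LEN)],
        # Assumption: padding scheme unknown, so n blocks bound the plaintext
        # to between (n-1)*8 and n*8 bytes. The length itself leaks.
        "plaintext_len_range": ((n - 1) * BLOCK_LEN, n * BLOCK_LEN),
    }


def looks_reversible(values):
    """A digest has one length for every input; block-aligned values whose
    block count varies track the plaintext length, which indicates encryption."""
    parsed = [inspect_blob(v) for v in values]
    if not parsed or any(p is None for p in parsed):
        return False
    return len({len(p["blocks"]) for p in parsed}) > 1


def constructed_value(n_blocks, seed):
    """Constructed sample: filler bytes shaped like prefix + n cipher blocks."""
    raw = bytes((seed + i) % 256 for i in range(PREFIX_LEN + n_blocks * BLOCK_LEN))
    return base64.b64encode(raw).decode()


SAMPLES = [constructed_value(1, 0x10), constructed_value(2, 0x40)]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, inspect_blob(s)["plaintext_len_range"])
    print("reversible storage suspected:", looks_reversible(SAMPLES))
```

A finding from this check means the stored secret is only as safe as the key the client uses to read it back, so the value should be treated as equivalent to the plaintext password.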
