Ethereal-dev: Re: [Ethereal-dev] [PATCH] add password hash identifier in packet-aim.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 11 Apr 2004 13:58:58 -0700
On Sat, Apr 10, 2004 at 09:57:01PM -0400, Jon Oberheide wrote:
> The attached patch adds the "Password Hash" label to AIM_TLV_PASSWORD
> (0x0025) which was previously "Unknown".

Checked in.

> The presence of 0x004c, which is also "Unknown", means that AIM is using
> the newer method of MD5 authentication as opposed to the older one:
> 
> NEWER METHOD: hash(key + hash(password) + "AOL Instant Messenger (SM)")
> OLDER METHOD: hash(key + password + "AOL Instant Messenger (SM)")
> 
> Unfortunately, I cannot test this older method

"Test" in what sense?  We aren't actually computing the hashes, so it's
not as if either the old or new method needs any hashing code in
Ethereal to be tested.

> and am not sure of a fitting label for 0x004c.

"Password Hash (New)", as opposed to 0x0025's "Password Hash (Old)"?