Ethereal-users: Re: [Ethereal-users] TDS7 Login Packet

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Zar Cho <zar_cho@xxxxxxxxx>
Date: Wed, 11 Aug 2004 06:57:08 -0700 (PDT)
> Zar Cho said:
> > Why is not decoded the password field in the TDS7
> > protocol login packet?
> > Is it because the algorithm is not known or it's
> > obfuscated deliberately?
> 
> It's probably known in the FreeTDS code.
> 
> However, even if it is known, that doesn't
> necessarily make it possible to
> decrypt the password.
> 
> In fact, if the algorithm were known and made it
> possible to trivially
> decrypt the password, that would mean that Sybase or
> Microsoft or whoever
> chose that encryption algorithm would have made a
> huge mistake, as that'd
> mean anybody who could capture network traffic could
> trivially crack the
> password for an account.

Well, using Cain & Abel, I could crack the password,
as trivially as point and click...
So, I just wanted to know why Ethereal couldn't do it



	
		
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail