On 2/7/07, Thomas Nyheim <flyingdarktiger@xxxxxxxxxxx> wrote:
> ...
> Secondly, what exactly does it mean that the MS SQL dissector now
> de-obfuscates passwords?
It means Wireshark will show the plaintext passwords by reversing the
advanced XOR-with-0xA5 encryption it uses.
MAPI as used by Exchange also uses the same advanced
XOR-every-byte-with-0xA5 "encryption" algorithms.
In one way it is more generic than rot13 (which also exhibits the same
property: encrypt twice to get plaintext) since XOR-with-0xA5 also
works with binary data while rot13 does not.