[mICQ] [patch] ICQ md5 login support

Robert Bartel r.bartel at gmx.net
Fri Apr 13 22:26:51 CEST 2007


On Fri, Apr 13, 2007 at 20:39:14 +0200, Peter Stuge wrote:
> MD5 is considered cracked, so not much different from clear text.

It's broken regarding its collision resistance. But here it is used for
authentication with a server-generated random key. An attacker would have to
generate a lot of collisions for an intercepted hash value to find the correct
password, not just one.
Anyway, it's much more secure than sending the password directly :)
 
> If micq already depends on OpenSSL then fine, otherwise please don't
> add the dependency now. Grab the code from LibTomCrypt instead.
> http://libtom.org/

SSL support with OpenSSL or GnuTLS is optional in micq, so it's not a direct
dependency. MD5 could be included in the source, as you say. Maybe I'll look
at that and fix the other problems when I have some time. But at the moment I
see no need for it.
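
The keyed login discussed in this message, as an added example that is not part of the original post or of the mICQ patch: a server issues a random key per login, the client answers with an MD5 over that key and the password digest, and a captured answer is rejected when replayed. The construction `MD5(key || MD5(password))`, the `LoginServer` class and the account data are assumptions made for illustration, not the ICQ wire format.

```python
import hashlib
import hmac
import secrets


def client_response(password: str, key: bytes) -> bytes:
    """Client side: bind the password digest to the server's random key."""
    pw_digest = hashlib.md5(password.encode("utf-8")).digest()
    return hashlib.md5(key + pw_digest).digest()


class LoginServer:
    """Hypothetical server that issues one single-use random key per login."""

    def __init__(self, accounts: dict[str, str]):
        # Only MD5(password) is kept. Note that in this scheme the stored
        # digest is password-equivalent, so it needs the same protection.
        self._digests = {user: hashlib.md5(pw.encode("utf-8")).digest()
                         for user, pw in accounts.items()}
        self._pending: dict[str, bytes] = {}

    def issue_key(self, user: str) -> bytes:
        key = secrets.token_bytes(16)
        self._pending[user] = key
        return key

    def verify(self, user: str, response: bytes) -> bool:
        key = self._pending.pop(user, None)  # a key is valid for one attempt
        digest = self._digests.get(user)
        if key is None or digest is None:
            return False
        expected = hashlib.md5(key + digest).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo() -> dict[str, bool]:
    # Constructed account data, for illustration only.
    server = LoginServer({"12345678": "constructed-password"})
    key = server.issue_key("12345678")
    captured = client_response("constructed-password", key)
    results = {"first_login": server.verify("12345678", captured)}
    # Same bytes sent again: the key was consumed, so the login fails.
    results["replay_no_key"] = server.verify("12345678", captured)
    # Same bytes sent against a fresh key: the digest no longer matches.
    server.issue_key("12345678")
    results["replay_new_key"] = server.verify("12345678", captured)
    # Neither message on the wire contains the cleartext password.
    results["password_on_wire"] = b"constructed-password" in key + captured
    return results
```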

