Ethereal-users: Re: [Ethereal-users] TDS7 Login Packet

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Guy Harris" <gharris@xxxxxxxxx>
Date: Tue, 10 Aug 2004 15:21:08 -0700 (PDT)
Zar Cho said:
> Why is not decoded the password field in the TDS7
> protocol login packet?
> Is it because the algorithm is not known or it's
> obfuscated deliberately?

It's probably known in the FreeTDS code.

However, even if it is known, that doesn't necessarily make it possible to
decrypt the password.

In fact, if the algorithm were known and made it possible to trivially
decrypt the password, that would mean that Sybase or Microsoft or whoever
chose that encryption algorithm would have made a huge mistake, as that'd
mean anybody who could capture network traffic could trivially crack the
password for an account.