Wireshark-users: Re: [Wireshark-users] Questions about the latest release
From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Wed, 7 Feb 2007 09:20:17 +0000
On 2/7/07, Thomas Nyheim <flyingdarktiger@xxxxxxxxxxx> wrote:
> ...
> Secondly, what exactly does it mean that the MS SQL dissector now
> de-obfuscates passwords?

It means Wireshark will show the plaintext passwords by reversing the
advanced XOR-with-0xA5 encryption it uses.

MAPI as used by Exchange also uses the same advanced
XOR-every-byte-with-0xA5 "encryption" algorithm.


In one way it is more generic than rot13 (which also exhibits the same
property: encrypt twice to get plaintext) since XOR-with-0xA5 also
works with binary data while rot13 does not.
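
An added example, not part of the original message and not Wireshark's dissector code: it implements only the per-byte XOR with 0xA5 described above and compares it with rot13 over every byte value. The sample password, its UTF-16LE encoding and all function names are assumptions constructed for illustration.

```python
KEY = 0xA5  # the constant named in the message above


def xor_a5(data: bytes) -> bytes:
    """XOR every byte with 0xA5. The same call obfuscates and de-obfuscates."""
    return bytes(b ^ KEY for b in data)


def rot13(data: bytes) -> bytes:
    """rot13 over ASCII letters; all other byte values pass through unchanged."""
    out = bytearray()
    for b in data:
        if 0x41 <= b <= 0x5A:            # A-Z
            b = (b - 0x41 + 13) % 26 + 0x41
        elif 0x61 <= b <= 0x7A:          # a-z
            b = (b - 0x61 + 13) % 26 + 0x61
        out.append(b)
    return bytes(out)


def unchanged(plain: bytes, encoded: bytes) -> int:
    """Count positions where the transform left the byte as it was."""
    return sum(p == e for p, e in zip(plain, encoded))


# Constructed inputs: every possible byte value, and a made-up password
# encoded as UTF-16LE (the encoding is an assumption of this example).
ALL_BYTES = bytes(range(256))
SAMPLE_FIELD = "Passw0rd!".encode("utf-16-le")


def demo() -> dict:
    obfuscated = xor_a5(SAMPLE_FIELD)
    return {
        "xor_round_trip": xor_a5(xor_a5(ALL_BYTES)) == ALL_BYTES,
        "rot13_round_trip": rot13(rot13(ALL_BYTES)) == ALL_BYTES,
        "xor_unchanged": unchanged(ALL_BYTES, xor_a5(ALL_BYTES)),
        "rot13_unchanged": unchanged(ALL_BYTES, rot13(ALL_BYTES)),
        "high_bytes": obfuscated[1::2],
        "recovered": xor_a5(obfuscated).decode("utf-16-le"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both transforms undo themselves when applied twice, but rot13 leaves every non-letter byte as it was while the XOR changes all 256 values. In the constructed UTF-16LE field the zero high bytes all become 0xA5, so the obfuscated data carries a fixed, recognisable pattern and hides nothing from anyone holding the capture.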