Wireshark · Ethereal-dev: Re: [Ethereal-dev] [PATCH] add password hash identifier in packet-aim.c

[Jon Oberheide <jon@xxxxxxxxxxxxx>]

On Sun, 2004-04-11 at 16:58, Guy Harris wrote:
> On Sat, Apr 10, 2004 at 09:57:01PM -0400, Jon Oberheide wrote:
> > The attached patch adds the "Password Hash" label to AIM_TLV_PASSWORD
> > (0x0025) which was previously "Unknown".
> 
> Checked in.
> 
> > The presence of 0x004c, which is also "Unknown", means that AIM is using
> > the newer method of MD5 authentication as opposed to the older one:
> > 
> > NEWER METHOD: hash(key + hash(password) + "AOL Instant Messenger (SM)")
> > OLDER METHOD: hash(key + password + "AOL Instant Messenger (SM)")
> > 
> > Unfortunately, I cannot test this older method
> 
> "Test" in what sense?  We aren't actually computing the hashes, so it's
> not as if either the old or new method needs any hashing code in
> Ethereal to be tested.

"Test" as in using the old method of AIM MD5 authentication and
observing the results in ethereal.  I am not sure if the AIM servers
would still even support this old method of authentication if I were
able to test it.

> > and am not sure of a fitting label for 0x004c.
> 
> "Password Hash (New)", as opposed to 0x0025's "Password Hash (Old)"?

To clarify, 0x0025 will be present as the password hash for BOTH the new
and old methods.  However, I believe 0x004c is only present in the new
method and is probably a simple signal to the server that the client is
using the new method.  I'm only making these assumptions regarding
0x004c based on gaim's code so I wouldn't commit to any conclusions.

Regards,
Jon Oberheide
jon@xxxxxxxxxxxxx