Saturday, September 20, 2008

MSN and Gtalk Local Password Hacking

I have to tell the truth: the locally saved passwords of MSN and GTalk can be easily hacked. You can even recover the local password directly by using a hack tool named MessenPass. This means it is highly risky to save your MSN or GTalk password on the local PC.

MessenPass can be used to get the passwords for the currently logged-on user on your local computer, and it works if you chose the "remember your password" option in one of the above programs.

Password hashing is a way of converting a password into a one-way digest before it's stored so that if the local computer gets into the wrong hands, the damage is limited. Hashing is nothing new - it's been in use in Unix system password files since long before my time, and quite probably in other systems long before that.

A hash (also called a hash code, digest, or message digest) can be thought of as the digital fingerprint of a piece of data. You can easily generate a fixed-length hash for any text string using a one-way mathematical process. It is next to impossible to (efficiently) recover the original text from a hash alone. It is also vastly unlikely that any different text string will give you an identical hash - a 'hash collision'. These properties make hashes ideally suited for storing your application's passwords. Why? Because although an attacker may compromise a part of your system and reveal your list of password hashes, they can't determine from the hashes alone what the real passwords are.

We've established that it's incredibly difficult to recover the original password from a hash, so how will the application know if a user has entered the correct password or not? Quite simply - by generating a hash of the user-supplied password and comparing this 'fingerprint' with the hash stored in your user profile, you'll know whether or not the passwords match.