Yahoo mail authentication protocol

From: J Katz (none_at_none.net)
Date: 09/27/04


Date: Mon, 27 Sep 2004 16:52:02 -0400

Does anyone know the authentication protocol used by Yahoo mail (the
insecure version)? By using Ethereal you can basically guess that they
are simply hashing a random salt with the user's password, but I am
wondering if anyone knows whether anything else is included in the hash
function computation.

For that matter, does anyone know offhand of any non-SSL web-based
authentication protocols whose details are publicly available?

[For those who care: I am looking for some nice real-world examples to
show in my Computer Security class!]