Sunday, October 28, 2007

Live! Messenger does not accept passwords longer than 16 characters

Since August, I have not been able to connect to my Live! aka MSN IM account using Pidgin. I first thought that it was Pidgin's fault. They had a history of MSN bugs [1]. Furthermore, the error I was getting was 'Email address or password are incorrect.' I could log in to Live! mail and to MSN Web Messenger using that account though, which confirmed that the credentials were correct.

Yesterday, my roommate connected using his account, confirming that Pidgin was not the problem. I thus downloaded Live! Messenger, something I loathed to do for a long time, as it is a horrible piece of bloatware. Also, I love WengoPhone and Pidgin. The password input field did not accept a password longer than 16 characters. Great! Mine was twenty. At least that is what I thought.

After a bit of research, I have found that all MSN/Live! password inputs silently discard any character after the 16th. Here is a Pidgin ticket discussing the problem [2].

Microsoft bashing is tasteless by now, but when you see stuff like this, you just wonder... why not? Surely, they do not save a great deal of space by limiting the length of the password.

Worse, short passwords are as good as none, as hardware-assisted (GPU) password cracking is now easy and fast [3].

The ultimate explanation is that until recently, either Pidgin or MSN's server silently trimmed any excess characters. Then they stopped doing it, and thus the password hash comparison fails.
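
The failure described in the last paragraph, reproduced as an added example that is not part of the original post or any Microsoft or Pidgin code: a password enrolled through a form that silently trims at 16 characters only verifies on code paths that trim the same way. PBKDF2, the function names and the sample password are assumptions made for the illustration; `enroll_strict` shows the alternative of rejecting over-length input instead of trimming it.

```python
import hashlib
import hmac
import os

MAX_LEN = 16  # length limit reported in the post


def digest(password: str, salt: bytes) -> bytes:
    # PBKDF2 is an assumption; the post does not say how the service hashes.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def enroll_truncating(password: str) -> tuple:
    """Enrollment form that silently drops everything after MAX_LEN."""
    salt = os.urandom(16)
    return salt, digest(password[:MAX_LEN], salt)


def enroll_strict(password: str) -> tuple:
    """Refuse over-length input so the user learns the limit up front."""
    if len(password) > MAX_LEN:
        raise ValueError(f"password longer than {MAX_LEN} characters")
    salt = os.urandom(16)
    return salt, digest(password, salt)


def verify(record: tuple, password: str, truncate: bool) -> bool:
    """Check a login; `truncate` models whether this code path trims input."""
    salt, stored = record
    candidate = password[:MAX_LEN] if truncate else password
    return hmac.compare_digest(stored, digest(candidate, salt))


def demo() -> dict:
    typed = "constructed-pw-01234"  # constructed 20-character password
    record = enroll_truncating(typed)
    return {
        "trimming_login": verify(record, typed, truncate=True),
        "non_trimming_login": verify(record, typed, truncate=False),
        "first_16_only": verify(record, typed[:MAX_LEN], truncate=False),
    }


if __name__ == "__main__":
    print(demo())
```

The non-trimming login fails even though the user typed exactly what they enrolled with, which matches the symptom in the post; typing only the first 16 characters succeeds.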