Re: [Full-disclosure] HTTP AUTH BASIC monowall.



On Monday 13 March 2006 11:56, Matthijs van Otterdijk wrote:
except for that SSH uses RSA, which uses a public and private key. If
the password is encrypted during the transfer to the site, and can
only get decrypted there, then it can't possibly be sniffed with some
computer inbetween, can it?

As Tim mentioned, the question isn't about the information getting to a
site securely, it's about whether that site is the correct one and not
an impostor.

(I think the original poster was referring to SSL, not SSH, but that is
really immaterial to the question.)

Jeremy

--
The universe does not have laws -- it has habits, and habits can
be broken.
-- BSD fortune file

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/