Re: [Full-disclosure] HTTP AUTH BASIC monowall.
- From: Tim <tim-security@xxxxxxxxxxxxxxxxxxx>
- Date: Mon, 13 Mar 2006 15:15:47 -0500
except for that SSH uses RSA, which uses a public and private key. If the
password is encrypted during the transfer to the site, and can only get
decrypted there, then it can't possibly be sniffed with some computer
inbetween, can it?
Well that may be true, but we weren't talking about SSH. The original
thread is about SSL and Basic Auth credentials.
tim
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- References:
- [Full-disclosure] HTTP AUTH BASIC monowall.
- From: Simon Smith
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
- From: Matthijs van Otterdijk
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
- From: Tim
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
- From: Matthijs van Otterdijk
- [Full-disclosure] HTTP AUTH BASIC monowall.
- Prev by Date: Re: [Full-disclosure] HTTP AUTH BASIC monowall.
- Next by Date: Re: [Full-disclosure] HTTP AUTH BASIC monowall.
- Previous by thread: Re: [Full-disclosure] HTTP AUTH BASIC monowall.
- Next by thread: Re: [Full-disclosure] HTTP AUTH BASIC monowall.
- Index(es):
Relevant Pages
|
