Re: [Full-disclosure] HTTP AUTH BASIC monowall.



except for that SSH uses RSA, which uses a public and private key. If the
password is encrypted during the transfer to the site, and can only get
decrypted there, then it can't possibly be sniffed with some computer
inbetween, can it?

Well that may be true, but we weren't talking about SSH. The original
thread is about SSL and Basic Auth credentials.

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages