Re: [Full-disclosure] HTTP AUTH BASIC monowall.
- From: Tim <tim-security@xxxxxxxxxxxxxxxxxxx>
- Date: Mon, 13 Mar 2006 15:15:47 -0500
except for that SSH uses RSA, which uses a public and private key. If the
password is encrypted during the transfer to the site, and can only get
decrypted there, then it can't possibly be sniffed with some computer
inbetween, can it?
Well that may be true, but we weren't talking about SSH. The original
thread is about SSL and Basic Auth credentials.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/