Full Disclosure mailing list archives

Re: HTTP AUTH BASIC monowall.

From: Jeremy Bishop <requiem () praetor org>
Date: Mon, 13 Mar 2006 12:04:18 -0800

On Monday 13 March 2006 11:56, Matthijs van Otterdijk wrote:

except for that SSH uses RSA, which uses a public and private key. If
the password is encrypted during the transfer to the site, and can
only get decrypted there, then it can't possibly be sniffed with some
computer inbetween, can it?


As Tim mentioned, the question isn't about the information getting to a 
site securely, it's about whether that site is the correct one and not 
an impostor.

(I think the original poster was referring to SSL, not SSH, but that is 
really immaterial to the question.)

Jeremy

-- 
The universe does not have laws -- it has habits, and habits can
be broken.
                        -- BSD fortune file

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

HTTP AUTH BASIC monowall. Simon Smith (Mar 13)
- Re: HTTP AUTH BASIC monowall. Matthijs van Otterdijk (Mar 13)
  - Re: HTTP AUTH BASIC monowall. Tim (Mar 13)
    - Re: HTTP AUTH BASIC monowall. Matthijs van Otterdijk (Mar 13)
    - Re: HTTP AUTH BASIC monowall. Jeremy Bishop (Mar 13)
    - Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 13)
    - Re: HTTP AUTH BASIC monowall. Jeremy Bishop (Mar 13)
    - Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 13)
    - RE: HTTP AUTH BASIC monowall. Lyal Collins (Mar 13)
    - Re: HTTP AUTH BASIC monowall. Tim (Mar 13)
    - RE: HTTP AUTH BASIC monowall. Lyal Collins (Mar 13)
    - Re: HTTP AUTH BASIC monowall. Jeremy Bishop (Mar 13)
    - RE: HTTP AUTH BASIC monowall. Lyal Collins (Mar 13)
    - Re: HTTP AUTH BASIC monowall. Tim (Mar 13)
    - Re: HTTP AUTH BASIC monowall. Pavel Kankovsky (Mar 13)

(Thread continues...)