Full Disclosure mailing list archives

Re: HTTP AUTH BASIC monowall.

From: Tim <tim-security () sentinelchicken org>
Date: Mon, 13 Mar 2006 15:15:47 -0500

except for that SSH uses RSA, which uses a public and private key. If the
password is encrypted during the transfer to the site, and can only get
decrypted there, then it can't possibly be sniffed with some computer
inbetween, can it?


Well that may be true, but we weren't talking about SSH.  The original
thread is about SSL and Basic Auth credentials.

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: HTTP AUTH BASIC monowall., (continued)
- - - Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
    - Re: HTTP AUTH BASIC monowall. Tim (Mar 15)
    - Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
    - Re: HTTP AUTH BASIC monowall. Tim (Mar 15)
    - Re: HTTP AUTH BASIC monowall. Dave Korn (Mar 15)
    - Re: Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
    - Re: Re: HTTP AUTH BASIC monowall. greybrimstone (Mar 15)
    - Re: Re: HTTP AUTH BASIC monowall. Dave Korn (Mar 16)
    - Re: Re: Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 16)
    - Re: HTTP AUTH BASIC monowall. Steffen Kluge (Mar 13)
    - Re: HTTP AUTH BASIC monowall. Tim (Mar 13)
    - Re: HTTP AUTH BASIC monowall. Valdis . Kletnieks (Mar 14)
    - Re: HTTP AUTH BASIC monowall. Tim (Mar 14)
- Re: HTTP AUTH BASIC monowall. Tim (Mar 13)
  - Re: HTTP AUTH BASIC monowall. Jim Popovitch (Mar 13)
- Re: HTTP AUTH BASIC monowall. Michael Holstein (Mar 13)
  - Re: HTTP AUTH BASIC monowall. Tim (Mar 13)
- Re: HTTP AUTH BASIC monowall. Dave Korn (Mar 15)
- HTTP AUTH BASIC monowall. Brian Eaton (Mar 17)
  - Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 17)