Full Disclosure mailing list archives

Re: HTTP AUTH BASIC monowall.

From: Valdis.Kletnieks () vt edu
Date: Tue, 14 Mar 2006 13:00:53 -0500

On Mon, 13 Mar 2006 14:49:45 EST, Tim said:

The issue brought up has to do with authentication, not encryption.
Authentication has to be good, or else encryption is 100% worthless.


Actually, encryption can do some good, even in the absence of authentication.

Even if the remote end is totally unauthenticated, you have at least guaranteed
that nobody is doing any passive sniffing of the content in transit.  You've
at least forced an attacker to mount an active MitM attack, which is both more
challenging and has a higher risk of detection....

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: HTTP AUTH BASIC monowall., (continued)
- - - Re: HTTP AUTH BASIC monowall. Tim (Mar 15)
    - Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
    - Re: HTTP AUTH BASIC monowall. Tim (Mar 15)
    - Re: HTTP AUTH BASIC monowall. Dave Korn (Mar 15)
    - Re: Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
    - Re: Re: HTTP AUTH BASIC monowall. greybrimstone (Mar 15)
    - Re: Re: HTTP AUTH BASIC monowall. Dave Korn (Mar 16)
    - Re: Re: Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 16)
    - Re: HTTP AUTH BASIC monowall. Steffen Kluge (Mar 13)
    - Re: HTTP AUTH BASIC monowall. Tim (Mar 13)
    - Re: HTTP AUTH BASIC monowall. Valdis . Kletnieks (Mar 14)
    - Re: HTTP AUTH BASIC monowall. Tim (Mar 14)
- Re: HTTP AUTH BASIC monowall. Tim (Mar 13)
  - Re: HTTP AUTH BASIC monowall. Jim Popovitch (Mar 13)
- Re: HTTP AUTH BASIC monowall. Michael Holstein (Mar 13)
  - Re: HTTP AUTH BASIC monowall. Tim (Mar 13)
- Re: HTTP AUTH BASIC monowall. Dave Korn (Mar 15)
- HTTP AUTH BASIC monowall. Brian Eaton (Mar 17)
  - Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 17)