lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon Mar 13 19:49:55 2006
From: tim-security at sentinelchicken.org (Tim)
Subject: HTTP AUTH BASIC monowall.

> Well isn't the whole idea of SSH that the connection is encrypted? so it
> doesn't matter trough how many compromised networks it goes, since it gets
> encrypted at the sending computer and decrypted at the receiving one.

Wow, this reasoning is getting better all the time.


How about this:  I'll encrypt a message with AES, post the password/key
for that message on a public message board so my buddy can read it, and
then send him an email containing the encrypted message.

That's secure right?

The issue brought up has to do with authentication, not encryption.
Authentication has to be good, or else encryption is 100% worthless.

tim

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ