| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a260a2190603131156u1642d587n2d325ec44e23b78a@mail.gmail.com> Date: Mon Mar 13 19:56:26 2006 From: thotter at gmail.com (Matthijs van Otterdijk) Subject: HTTP AUTH BASIC monowall. except for that SSH uses RSA, which uses a public and private key. If the password is encrypted during the transfer to the site, and can only get decrypted there, then it can't possibly be sniffed with some computer inbetween, can it? On 3/13/06, Tim <tim-security@...tinelchicken.org> wrote: > > > Well isn't the whole idea of SSH that the connection is encrypted? so it > > doesn't matter trough how many compromised networks it goes, since it > gets > > encrypted at the sending computer and decrypted at the receiving one. > > Wow, this reasoning is getting better all the time. > > > How about this: I'll encrypt a message with AES, post the password/key > for that message on a public message board so my buddy can read it, and > then send him an email containing the encrypted message. > > That's secure right? > > The issue brought up has to do with authentication, not encryption. > Authentication has to be good, or else encryption is 100% worthless. > > tim > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060313/8be3d606/attachment.html
Powered by blists - more mailing lists