| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200603141800.k2EI0rhB004905@turing-police.cc.vt.edu> Date: Tue Mar 14 18:01:01 2006 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: HTTP AUTH BASIC monowall. On Mon, 13 Mar 2006 14:49:45 EST, Tim said: > The issue brought up has to do with authentication, not encryption. > Authentication has to be good, or else encryption is 100% worthless. Actually, encryption can do some good, even in the absence of authentication. Even if the remote end is totally unauthenticated, you have at least guaranteed that nobody is doing any passive sniffing of the content in transit. You've at least forced an attacker to mount an active MitM attack, which is both more challenging and has a higher risk of detection.... -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 228 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060314/0c0586a8/attachment.bin
Powered by blists - more mailing lists