[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 25 Oct 2006 16:45:28 +0100
From: Simon Tatham <anakin@...ox.com>
To: Matthew Flaschen <matthew.flaschen@...ech.edu>
Cc: Antoine SANTO <Antoine.SANTO@...f.fr>, full-disclosure@...ts.grok.org.uk
Subject: Re: RE : Putty Proxy
login/password discolsure....(Answer from PUTTY Staff)
Matthew Flaschen <matthew.flaschen@...ech.edu> wrote:
> Why can't you generate the encryption key from a passphrase?
Because requiring the user to type in their passphrase at the start
of the session in order to decrypt their proxy password is no more
convenient than requiring them to type in the proxy password
directly!
--
Simon Tatham "What a caterpillar calls the end of the
<anakin@...ox.com> world, a human calls a butterfly."
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists