[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] HTTP AUTH BASIC monowall.
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] HTTP AUTH BASIC monowall.
- From: "Matthijs van Otterdijk" <thotter@xxxxxxxxx>
- Date: Mon, 13 Mar 2006 20:56:18 +0100
except for that SSH uses RSA, which uses a public and private key. If the
password is encrypted during the transfer to the site, and can only get
decrypted there, then it can't possibly be sniffed with some computer
inbetween, can it?
On 3/13/06, Tim <tim-security@xxxxxxxxxxxxxxxxxxx> wrote:
>
> > Well isn't the whole idea of SSH that the connection is encrypted? so it
> > doesn't matter trough how many compromised networks it goes, since it
> gets
> > encrypted at the sending computer and decrypted at the receiving one.
>
> Wow, this reasoning is getting better all the time.
>
>
> How about this: I'll encrypt a message with AES, post the password/key
> for that message on a public message board so my buddy can read it, and
> then send him an email containing the encrypted message.
>
> That's secure right?
>
> The issue brought up has to do with authentication, not encryption.
> Authentication has to be good, or else encryption is 100% worthless.
>
> tim
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/