- From: Marc de Graauw <marc@marcdegraauw.com>
- Date: Thu, 10 Apr 2008 15:54:36 +0200
- To: "'Dan Connolly'" <connolly@w3.org>, "'David Orchard'" <dorchard@bea.com>
- Cc: <www-tag@w3.org>
Dan Connolly: | > The bulk of Chris Drake's message: | [... seems to be about dictionary attacks ...] | | OK, but how is SSL not vulnerable to the same dictionary attacks? SSL uses large random numbers to establish a session, Chris's argument is against using hashes of non-random (even trivial) passwords. Marc
Received on Thursday, 10 April 2008 13:53:15 UTC