
RE: Summary of Responses to Passwords in the Clear from Web SC Working Group

From: Marc de Graauw <marc@marcdegraauw.com>
Date: Thu, 10 Apr 2008 15:54:36 +0200
To: "'Dan Connolly'" <connolly@w3.org>, "'David Orchard'" <dorchard@bea.com>
Cc: <www-tag@w3.org>
Message-ID: <AAE87CE85FB446BA969CC4B015C5C12E@Marc>

Dan Connolly:

| > The bulk of Chris Drake's message:
| [... seems to be about dictionary attacks ...]
| 
| OK, but how is SSL not vulnerable to the same dictionary attacks?

SSL uses large random numbers to establish a session; Chris's argument is
against using hashes of non-random (even trivial) passwords.

Marc
Received on Thursday, 10 April 2008 13:53:15 GMT
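
The distinction drawn in the reply above, as an added example that is not part of the original message: an observer who sees the hash of a trivial password can test guesses offline, while the same procedure finds nothing for the hash of a large random value. The unsalted SHA-256 construction, the function names and the five-entry wordlist are assumptions constructed for illustration.

```python
import hashlib
import math
import secrets

# Constructed sample wordlist; a real password-audit list is far larger.
WORDLIST = ["123456", "password", "letmein", "qwerty", "dragon"]


def digest(secret: bytes) -> str:
    """Unsalted SHA-256, standing in for 'a hash of the password' on the wire."""
    return hashlib.sha256(secret).hexdigest()


def offline_guess(observed: str, candidates):
    """Return the candidate whose hash equals the observed digest, else None."""
    for word in candidates:
        if digest(word.encode()) == observed:
            return word
    return None


def search_bits(space_size: int) -> float:
    """Size of a guess space expressed in bits (log2 of the candidate count)."""
    return math.log2(space_size)


def compare():
    """Run the same guessing procedure against both kinds of hashed secret."""
    pw_digest = digest(b"letmein")                  # trivial, non-random password
    rand_digest = digest(secrets.token_bytes(32))   # 256-bit random value
    return {
        "password_recovered": offline_guess(pw_digest, WORDLIST),
        "random_recovered": offline_guess(rand_digest, WORDLIST),
        "wordlist_bits": search_bits(len(WORDLIST)),
        "random_bits": search_bits(2 ** 256),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

The hash function is identical in both cases; only the size of the space the secret was drawn from differs.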

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:47:55 GMT