W3C home > Mailing lists > Public > www-tag@w3.org > April 2008

RE: Summary of Responses to Passwords in the Clear from Web SCWorking Group

From: Marc de Graauw <marc@marcdegraauw.com>
Date: Thu, 10 Apr 2008 15:54:36 +0200
To: "'Dan Connolly'" <connolly@w3.org>, "'David Orchard'" <dorchard@bea.com>
Cc: <www-tag@w3.org>
Message-ID: <AAE87CE85FB446BA969CC4B015C5C12E@Marc>


Dan Connolly:

| > The bulk of Chris Drake's message:
| [... seems to be about dictionary attacks ...]
| 
| OK, but how is SSL not vulnerable to the same dictionary attacks?

SSL uses large random numbers to establish a session, Chris's argument is
against using hashes of non-random (even trivial) passwords.

Marc

Received on Thursday, 10 April 2008 13:53:15 GMT

This message: [ Message body ]
Next message: Dan Connolly: "RE: Summary of Responses to Passwords in the Clear from Web SCWorking Group"
Previous message: Richard Cyganiak: "Re: Announcement: "Cool URIs for the Semantic Web" - W3C SWEO IG Note"
In reply to: Dan Connolly: "RE: Summary of Responses to Passwords in the Clear from Web SCWorking Group"
Next in thread: Dan Connolly: "RE: Summary of Responses to Passwords in the Clear from Web SCWorking Group"
Reply: Dan Connolly: "RE: Summary of Responses to Passwords in the Clear from Web SCWorking Group"

Mail actions: [ respond to this message ] [ mail a new topic ]
Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
Help: [ How to use the archives ] [ Search in the archives ]

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:56:14 GMT