
RE: Summary of Responses to Passwords in the Clear from Web SC Working Group

From: Dan Connolly <connolly@w3.org>
Date: Thu, 10 Apr 2008 10:11:48 -0500
To: Marc de Graauw <marc@marcdegraauw.com>
Cc: 'David Orchard' <dorchard@bea.com>, www-tag@w3.org
Message-Id: <1207840308.30248.217.camel@pav.lan>

On Thu, 2008-04-10 at 15:54 +0200, Marc de Graauw wrote:
> Dan Connolly:
> 
> | > The bulk of Chris Drake's message:
> | [... seems to be about dictionary attacks ...]
> | 
> | OK, but how is SSL not vulnerable to the same dictionary attacks?
> 
> SSL uses large random numbers to establish a session; Chris's argument is
> against using hashes of non-random (even trivial) passwords.

Digest uses a nonce similarly, no?



-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/
gpg D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E
Received on Thursday, 10 April 2008 15:12:15 GMT
