On Thu, 2008-04-10 at 15:54 +0200, Marc de Graauw wrote: > Dan Connolly: > > | > The bulk of Chris Drake's message: > | [... seems to be about dictionary attacks ...] > | > | OK, but how is SSL not vulnerable to the same dictionary attacks? > > SSL uses large random numbers to establish a session, Chris's argument is > against using hashes of non-random (even trivial) passwords. Digest uses a nonce similarly, no? -- Dan Connolly, W3C http://www.w3.org/People/Connolly/ gpg D3C2 887B 0F92 6005 C541 0875 0F91 96DE 6E52 C29EReceived on Thursday, 10 April 2008 15:12:15 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:56:14 GMT