W3C home > Mailing lists > Public > www-tag@w3.org > April 2008

RE: Summary of Responses to Passwords in the Clear from Web SCWorking Group

From: Marc de Graauw <marc@marcdegraauw.com>
Date: Thu, 10 Apr 2008 15:54:36 +0200
To: "'Dan Connolly'" <connolly@w3.org>, "'David Orchard'" <dorchard@bea.com>
Cc: <www-tag@w3.org>
Message-ID: <AAE87CE85FB446BA969CC4B015C5C12E@Marc>

Dan Connolly:

| > The bulk of Chris Drake's message:
| [... seems to be about dictionary attacks ...]
| OK, but how is SSL not vulnerable to the same dictionary attacks?

SSL uses large random numbers to establish a session, Chris's argument is
against using hashes of non-random (even trivial) passwords.

Received on Thursday, 10 April 2008 13:53:15 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:56:20 UTC