RE: Summary of Responses to Passwords in the Clear from Web SCWorking Group

Dan Connolly:

| > The bulk of Chris Drake's message:
| [... seems to be about dictionary attacks ...]
| OK, but how is SSL not vulnerable to the same dictionary attacks?

SSL uses large random numbers to establish a session, Chris's argument is
against using hashes of non-random (even trivial) passwords.


Received on Thursday, 10 April 2008 13:53:15 UTC