Msg by: [<- thread ->] [<- time ->] [<- author ->] | [Threads] [Home]

nanogui@linuxhacker.org

nanogui@linuxhacker.org

Subject: Re: Access control
From: Alex Holden
Date: Thu, 14 Dec 2000 10:16:19 +0000 (GMT) 
On Thu, 14 Dec 2000, Alan Cox wrote:
> If the cracker can snoop the password he can do session takeover without
> starting a new session. So how does it help ?

I thought the cracker had to have control of an intermediate router to
do that (as opposed to just being able to listen to the traffic on the
line)?

So you're saying that all the existing protocols which use hashed or
encrypted authentication but not actual session encryption (kerberos,
etc.) are no better than ones which use plaintext authentication?

-- 
------- Alex Holden -------
http://www.linuxhacker.org/
 http://www.robogeeks.org/
Msg by: [<- thread ->] [<- time ->] [<- author ->] | [Threads] [Home]

nanogui@linuxhacker.org

(c) 1999 Lin-De, Inc