[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: what data transmission with tor is a security risk ?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: what data transmission with tor is a security risk ?
From: "Brendan Dolan-Gavitt" <mooyix@xxxxxxxxx>
Date: Fri, 18 Aug 2006 10:52:17 -0400
Cc: or-talk <or-talk@xxxxxxxx>
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Fri, 18 Aug 2006 10:52:26 -0400
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=N3X1l7Y5FS6bKt7X/zcZvGwC6xvfKxq8bA/BYRc3/RY/t6rhbYDh1cokWwmCC+coYJoQV8LEOmwpjCev63O/MBOhWCOhwCFgxy5Vl19AT1L0BYimK1rr3NAHwPm2Eouny236qyhbNE+o8wyyl0kRa1zY6HBfblhYOxqRPichQG8=
In-reply-to: <20060818123008.c129d0f8.arichy@fernmeldung.de>
References: <20060818123008.c129d0f8.arichy@fernmeldung.de>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On 8/18/06, Arichy <arichy@xxxxxxxxxxxxxx> wrote:

[...]
I think with .htaccess authentication the passwort is transmitted
encrypted? But if the Password is weak, the sniffer can easily do an
brute force attack at home...


It depends on the authentication scheme used--Basic authentication
just sends the username and password encoded in base64, and is
basically as bad as plaintext auth. If the server uses digest
authentitication, however, you're correct.

-Brendan

References:
- what data transmission with tor is a security risk ?
  - From: Arichy

Prev by Author: Re: Could i use tor to login Paypal?
Next by Author: Re: Tor and Google Image search
Previous by thread: Re: what data transmission with tor is a security risk ?
Next by thread: A brief response on TRUTHWORTHY
Index(es):
- Author
- Thread