> except for that SSH uses RSA, which uses a public and private key. If the > password is encrypted during the transfer to the site, and can only get > decrypted there, then it can't possibly be sniffed with some computer > inbetween, can it?
Well that may be true, but we weren't talking about SSH. The original thread is about SSL and Basic Auth credentials. tim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
