Re: [ilugc] Encrypted password captured when "listening on network"

On Tue, Nov 16, 2010 at 8:53 PM, Aanjhan R wrote: > In short you are OK *in general*. But then one can do slightly > sophisticated attacks. IMO security is always an illusion :) Commercial proxy/content-filtering solutions use SSL proxy (fancy word for a man-in-the-middle-attack) and break open H

Re: [ilugc] Encrypted password captured when "listening on network"

On Mon, Nov 15, 2010 at 4:01 AM, Ashish Verma wrote: > I want to know if it is possible for someone to gain access to resources if > they capture a person's encrypted password. It depends on the protocol. If its a very simple protocol where the initial authentication between the server and the cl

Re: [ilugc] Encrypted password captured when "listening on network"

On Monday 15 November 2010 10:44 AM, Parikshith Mechineni wrote: Gmail uses https all the time by default, Here is the gmail help file for https-always Oops, sorry about that - looks like I missed this change. Vamsee. __

Re: [ilugc] Encrypted password captured when "listening on network"

On Mon, 2010-11-15 at 10:44 +0530, Parikshith Mechineni wrote: > Gmail uses https all the time by default, > Here > is > the gmail help file for https-always kindly avoid bottom posting -- regards KG http://lawgon.livejournal.com

Re: [ilugc] Encrypted password captured when "listening on network"

On Mon, Nov 15, 2010 at 10:29 AM, Vamsee Kanakala wrote: > On Monday 15 November 2010 09:13 AM, Manokaran K wrote: > >> On Mon, Nov 15, 2010 at 8:31 AM, Ashish Verma wrote: >> >> Hi, >>> >>> I want to know if it is possible for someone to gain access to resources >>> if >>> they capture a person

Re: [ilugc] Encrypted password captured when "listening on network"

On Monday 15 November 2010 09:13 AM, Manokaran K wrote: On Mon, Nov 15, 2010 at 8:31 AM, Ashish Verma wrote: Hi, I want to know if it is possible for someone to gain access to resources if they capture a person's encrypted password. In https, the entire session is encrypted -not the individ

Re: [ilugc] Encrypted password captured when "listening on network"

On Mon, Nov 15, 2010 at 8:31 AM, Ashish Verma wrote: > Hi, > > I want to know if it is possible for someone to gain access to resources if > they capture a person's encrypted password. > > For Eg: > > Gmail uses https once the authentication process starts. This is basically > to ensure that if a

[ilugc] Encrypted password captured when "listening on network"

Hi, I want to know if it is possible for someone to gain access to resources if they capture a person's encrypted password. For Eg: Gmail uses https once the authentication process starts. This is basically to ensure that if anyone is listening on the network he gets garbled text. So if a person