My ExcludeNodes list...post yours

Paul Syverson syverson at itd.nrl.navy.mil
Fri Aug 18 12:25:29 UTC 2006


On Fri, Aug 18, 2006 at 12:12:15PM +0300, M wrote:
> 
> Yeah. Clear authentication isn't safe anywhere. I use cleartext
> authentication only for some "must-register" websites. Encrypting
> authentication has no point if rest of the communication is unencrypted.
> 

Depending on what constitutes authentication (and encryption).  If the
encryption adds integrity to the authentication (if not there already)
and prevents an eavesdropper from being able to trivially learn what
is needed to masquerade as you, then it has value against adversaries
not sophisticated enough or motivated enough for stream
hijacking. Good enough for many purposes. But in principle and
for more sensitive usage your point is well taken, thus worth raising.

aloha,
Paul
-- 
Paul Syverson                              ()  ascii ribbon campaign  
Contact info at http://www.syverson.org/   /\  against html e-mail



More information about the tor-talk mailing list