Date:      Tue, 14 Mar 2000 17:07:04 +1100 (EST)
From:      Sean Winn <sean@gothic.net.au>
To:        Chris Cook <ccook@tcworks.net>
Cc:        Leif Neland <leif@neland.dk>, freebsd-isp@FreeBSD.ORG
Subject:   Re: Is passwords send to auth webpages secure?
Message-ID:  <Pine.BSF.4.21.0003141703560.39160-100000@vampire.gothic.net.au>
In-Reply-To: <38CDD173.EEB690BD@tcworks.net>


On Mon, 13 Mar 2000, Chris Cook wrote:

> Leif Neland wrote:
> > 
> > 
> > Now I have been asked if the passwords from browser to squid are sent in
> > cleartext, so they can be sniffed?
> 
> I have tried sniffing passwords like this before as a test, and they
> always showed up as scrambled (unreadable).  I am assuming that my
> browser (Netscape 4.6/FreeBSD) was using some sort of mild encryption to
> send the username/login.  More info on this would be neat, but you
> should invest in some switches anyways.  Hasto...

Basic authentication is base-64 encoded, which isn't exactly difficult to
decrypt. Effectively it's cleartext.

NTLM authentication uses challenge/response, but squid doesn't support that
(there were old patches for it available, but they were a work in progress,
and not ready for real use); the only browsers/proxies I know of that
support it are IE and MS-Proxy; I expect FrontPage when functioning as a web
client would support it as well.

> 
> -- 
> Chris
> 
> o----< ccook@tcworks.net >----------------------------------------o
> |Chris Cook - Technician  |  TCWORKS.NET - http://www.tcworks.net |
> |The Computer Works       |  FreeBSD - http://www.freebsd.org     |
> o-----------------------------------------------------------------o
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
> 

-- 
Sean Winn
email: sean@gothic.net.au
All opinions valued at $0.02, and not subject to inflation.
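
Added example, not part of the original e-mail: a Python check that reads the Proxy-Authorization header of captured proxy requests and reports when Basic credentials are recoverable by plain base64 decoding, as the message above describes. The sample requests, the host name example.invalid and the function names are constructed for this illustration; the first credential string is the well-known "Aladdin:open sesame" example from the HTTP authentication RFC.

```python
import base64
import binascii


def _req(auth=None):
    """Build a constructed raw HTTP request as a browser would send it to a proxy."""
    lines = ["GET http://example.invalid/ HTTP/1.0", "Host: example.invalid"]
    if auth:
        lines.append("Proxy-Authorization: " + auth)
    return "\r\n".join(lines) + "\r\n\r\n"


# Constructed samples (not real captures).
SAMPLES = {
    "basic": _req("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="),
    "colon": _req("basic " + base64.b64encode(b"leif:a:b").decode()),
    "broken": _req("Basic !!!not-base64"),
    "ntlm": _req("NTLM AAAA"),  # placeholder token, not a real NTLM message
    "none": _req(),
}


def classify_proxy_auth(raw_request):
    """Report the auth scheme and whether the password is exposed on the wire."""
    for line in raw_request.split("\r\n")[1:]:
        if not line:
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        if name.strip().lower() != "proxy-authorization":
            continue
        scheme, _, param = value.strip().partition(" ")
        scheme = scheme.lower()  # scheme names are case-insensitive
        if scheme != "basic":
            return {"scheme": scheme, "exposed": False}
        try:
            decoded = base64.b64decode(param.strip(), validate=True).decode("latin-1")
        except (binascii.Error, ValueError):
            return {"scheme": "basic", "exposed": False, "note": "malformed base64"}
        # Only the first colon separates user from password.
        user, sep, password = decoded.partition(":")
        if not sep:
            return {"scheme": "basic", "exposed": False, "note": "no user:password"}
        # Report the length only, so the audit output does not repeat the secret.
        return {"scheme": "basic", "exposed": True, "user": user,
                "password_len": len(password)}
    return {"scheme": None, "exposed": False}


if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, classify_proxy_auth(request))
```

Any request reported with "exposed": True carried a password that anyone on the path between browser and proxy could read, which is the case for putting the proxy connection on TLS or on a switched, trusted segment.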


