[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] How LDAP works with authentication

Subject: [ale] How LDAP works with authentication
From: meuon at geeklabs.com (Mike Harrison)
Date: Wed, 12 Oct 2005 21:24:23 -0400 (EDT)
In-reply-to: <[email protected]>

> The question here is what is safer.  Using SSL to transmit a plain-text
> password or using SSL to transmit a password that is MD5 encrypted.

I've seen LONG arguments on whether 'double encrypting' something
made it safer or not.. And you though the Vi/EMacs religious wars
are bad. 

My personal, non crypographically oriented mind says:

If you use SSL to transmit and MD5 encrypted string (password), 
and the SSL fails or it intercepted, or magically reverts to
plain text mode because something broke.. it's still in it's MD5 
state and will require some additional effort to crack.

References:
- [ale] How LDAP works with authentication
  - From: cfowler at outpostsentinel.com (Christopher Fowler)

Prev by Date: [ale] How LDAP works with authentication
Next by Date: [ale] How LDAP works with authentication
Previous by thread: [ale] How LDAP works with authentication
Next by thread: [ale] error>ELF file OS ABI invalid....huh ?
Index(es):
- Date
- Thread