On Mon, 13 Mar 2006 14:49:45 EST, Tim said: > The issue brought up has to do with authentication, not encryption. > Authentication has to be good, or else encryption is 100% worthless.
Actually, encryption can do some good, even in the absence of authentication. Even if the remote end is totally unauthenticated, you have at least guaranteed that nobody is doing any passive sniffing of the content in transit. You've at least forced an attacker to mount an active MitM attack, which is both more challenging and has a higher risk of detection....
pgpDJdcK8OkTE.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/