On Mon, Nov 15, 2010 at 8:31 AM, Ashish Verma <ilu...@gmail.com> wrote:

> Hi,
>
> I want to know if it is possible for someone to gain access to resources if
> they capture a person's encrypted password.
>
> For Eg:
>
> Gmail uses https once the authentication process starts. This is basically
> to ensure that if anyone is listening on the network he gets garbled text.
> So if a person is able to emulate the session and send the encrypted
> password with my user-id... will he gain access to my gmail account?
>


In https, the entire session is encrypted - not the individual fields. So you
cannot see what the password field's value is. As for a person submitting
stolen encrypted data, even if the server returns something, he cannot do
much with it because he will not have the key to unencrypt it. Though I am not
sure if the server will even respond - just thinking aloud!

regds,
mano

 --
Computers are useless. They can only give you answers.
-- Pablo Picasso
_______________________________________________
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
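
Added example, not part of the original thread: a toy model of per-session record protection showing why a captured encrypted login fails when replayed. It is not TLS itself; the HMAC-based stream cipher, the function names and the sample login string are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _prf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def session_keys(secret: bytes, client_rand: bytes, server_rand: bytes):
    # Fresh randoms from both sides make the keys unique to this session.
    seed = client_rand + server_rand
    return _prf(secret, b"enc", seed), _prf(secret, b"mac", seed)

def _xor_stream(key: bytes, seq: int, data: bytes) -> bytes:
    # Toy stream cipher (HMAC in counter mode), standing in for the real cipher.
    stream = b""
    for block in range(len(data) // 32 + 1):
        stream += _prf(key, seq.to_bytes(8, "big"), block.to_bytes(4, "big"))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(keys, seq: int, plaintext: bytes) -> bytes:
    enc_key, mac_key = keys
    ct = _xor_stream(enc_key, seq, plaintext)
    # The tag covers the sequence number, binding the record to its position.
    return ct + _prf(mac_key, seq.to_bytes(8, "big"), ct)

def open_record(keys, seq: int, record: bytes):
    # Returns the plaintext, or None when the record fails authentication.
    enc_key, mac_key = keys
    ct, tag = record[:-32], record[-32:]
    if not hmac.compare_digest(tag, _prf(mac_key, seq.to_bytes(8, "big"), ct)):
        return None
    return _xor_stream(enc_key, seq, ct)

def replay_demo():
    login = b"user=alice&password=constructed-sample"  # constructed input
    # Original session: the secret stands in for the key-exchange output.
    victim = session_keys(os.urandom(32), os.urandom(32), os.urandom(32))
    captured = seal(victim, 0, login)  # the bytes an eavesdropper records
    accepted = open_record(victim, 0, captured)
    # A different connection to the same server negotiates different keys.
    other = session_keys(os.urandom(32), os.urandom(32), os.urandom(32))
    new_session = open_record(other, 0, captured)
    # Replay inside the original session: the server now expects sequence 1.
    same_session = open_record(victim, 1, captured)
    return accepted, new_session, same_session

if __name__ == "__main__":
    print(replay_demo())
```

The server accepts the record only once, in the session it was sealed for; both replays fail the integrity check and return `None`.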
