3 Jan
2013
3 Jan
'13
8:36 a.m.
On 01/02/2013 09:14 PM, Damian Menscher wrote:
Back on topic: encryption without knowing who you're talking to is worse than useless (hence no self-signed certs which provide a false sense of security),
In fact, it's very useful -- what do you think the initial diffie-hellman exchanges are doing with pfs? Encryption without (strong) authentication is still useful for dealing with passive listening. It's a shame, for example, that wifi security doesn't encrypt everything on an open AP to require attacks be active rather than passive. It's really easy to just scan the airwaves, but I probably don't need to remind you of that. Mike