[RC5] Security risks?

Greg Wooledge greg at wooledge.org
Wed Jan 17 19:19:33 EST 2001


Peter Cordes (peter at llama.nslug.ns.ca) wrote:

> dnetc can talk to keyservers on port 80, or even operate
> through an http proxy, if necessary.  If you need a password for the proxy,
> dnetc stores it encrypted in the config file.

Of course, if you use a password to talk to a web proxy, the password is
sent unencrypted over the network....  (HTTP authentication uses base64
to "encode" the username and password.  This is not encryption at all, and
can be trivially "decoded".)

But for all practical purposes, dnetc is equivalent to a closed-source
web browser.  It has no more security risks -- actually *fewer* security
risks, because it's simpler -- than Netscape or IE has.

-- 
*** Please note new address. -->  |  Greg Wooledge
                                  |  greg at wooledge.org
"Truth belongs to everybody."     |  http://wooledge.org/~greg/
  Red Hot Chili Peppers           |  old page: http://www.kellnet.com/wooledge/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
Url : http://lists.distributed.net/pipermail/rc5/attachments/20010117/5065b4e3/attachment-0001.bin


More information about the rc5 mailing list