On Sun, Jul 31, 2005 at 07:36:16PM +0200, jonathan gonzalez wrote: > SSL/TLS is the socket/transport layer security and auth digest is a > challenge-response process usig no-clear text credentials. How? The most > of the web explorers can pass credentials from forms to the server > either in clear text or hashed (MD5), and my propose was do it hashed. But if everything's already encrypted with SSL, then it doesn't matter if the credentials go over the wire in the clear, right? They go over as cleartext, but cleartext embedded in an encrypted stream. If they go over hashed as MD5, that's encrypted MD5 atop encrypted SSL -- redundant encryption. No? -- Stephen R. Laniel steve@laniels.org +(617) 308-5571 http://laniels.org/ PGP key: http://laniels.org/slaniel.key
Attachment:
signature.asc
Description: Digital signature