Re: Ring: Alpha Test Application Form (by Xavier Antoviaque)
Posted: Fri Apr 07, 2006 8:05 pm
I would say it very likely is not, it's on an HTTP server, the form submission is plain text, the authenticated session token thingy sent back in the cookie header is hashed however, so once you have logged in once, you're dealing with very very moderate encryption.khyle wrote:aye, at least the forum password is hashed (read: "weakly encrypted")
To actually 'man in the middle' or sniff the password as it is submitted by HTTP you actually have to sit 'on' or fake being on the subnets at either end, you may be able to do that by fooling a router midway.. not too sure to be hones there, so if you use wi-fi at home, you're taking a big chance, NEVER use a wifi hub with no authentication to access anything with username/passwords, unless you know there's encryption involved (HTTPS).
HTTPS is pretty darn secure, usually the stealing of identies isn't done by sniffing or man in the middle as much as it is either bad security on WIFI networks, or phishing.. hmm i was phished by the official site? lol just teasin, i figure it's safe enough.. unless someone starts posting as me and saying really weird things about wi-fi encryption or other geekiness i think i'm ok .