Another entry in the internet security hall of shame....
Tim Dierks
tim at dierks.org
Wed Aug 24 13:48:47 EDT 2005
[resending due to e-mail address / cryptography list membership issue]
On 8/24/05, Ian G <iang at systemics.com> wrote:
> Once you've configured iChat to connect to the Google Talk service, you may
> receive a warning message that states your username and password will be
> transferred insecurely. This error message is incorrect; your username and
> password will be safely transferred.
iChat pops up the warning dialog whenever the password is sent to the
server, rather than used in a hash-based authentication protocol.
However, it warns even if the password is transmitted over an
authenticated SSL connection.
I'll leave it to you to decide if this is:
- an iChat bug
- a Google security problem
- in need of better documentation
- all of the above
- none of the above
- Tim
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list