|
If you are concerned about local cinference participants sniffing Bob's password, you might also be concerned that they intercept his packets and just modify the contents of his posts.
The attack looks something like this: Advertise a wireless network with the same name as the conference's wireless net. Get Bob to obtain DHCP from your fake net, but route it to the Internet. Now you can modify the content of Bob's posts.
The value of content-md5 or content-sha should be part of the computed passworddigest.
|
Previous Message
