[prev in list] [next in list] [prev in thread] [next in thread]
List: kopete-devel
Subject: [kopete-devel] Security of authentication schemes (for MITM attacks)
From: Dizzy <dizzy () roedu ! net>
Date: 2007-11-26 11:29:00
Message-ID: 200711261329.00081.dizzy () roedu ! net
[Download RAW message or body]
Hello
Lets assume that someone can sniff and modify and control all your Internet
traffic (say if you are using tor and such). I am interested to know what is
the security against such problems of authentication schemes used in kopete
for ICQ/AOL/YM/MSN/Jabber protocols. I understand this does not depend much
on kopete and alot of the protocol itself and also that the conversations
themselves may not be secure if not using an encryption for the conversations
too. However, I am only interested in the security of the authentication
(from the perspective, can the MITM find out my password or enough
information so she could login instead of me with my account?)
My Jabber needs are for google talk and as I can see so far it uses SSL so
that should be covered at least. Also some good soul from freenode/#kopete
said that MSN does use some kind of challenge based auth (so apparently
immune to MITM account takeover) so that should be solved too. What about the
rest?
Thank you!
--
Mihai RUSU Email: dizzy@roedu.net
"Linux is obsolete" -- AST
_______________________________________________
kopete-devel mailing list
kopete-devel@kde.org
https://mail.kde.org/mailman/listinfo/kopete-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic