2
1
I know a packet sniffer is really powerful. It can sniff out password and images and so on. Can it sniff URL too? Meaning, if I put my authentication in URL instead of a cookie, will sniffer be able to obtain the authenticated session ID from the URL? What about hidden value in form based authentication? Are they all open to sniffer attacks?
Bascially there is no security in public network (non-https non-ssh)? Not sure how https can be safe as well. I mean, the first handshake attempt will already be sniffed before connection is established. Not sure how safe that would be.
Thank you.
Just to clarify - you mean "it's very CPU intensive to break public-key encrypted content", don't you? – Will A – 2010-08-20T23:06:31.980
Unless the person configuring it makes a serious mistake, I wouldn't use the phrase "very CPU intensive" to describe how challenging it would be to break SSL encryption. I would say "functionally impossible". The problem is on the order of decades or much much more of computer time. – Slartibartfast – 2010-08-21T05:11:13.923