As far as I can find out, the SSL handshake is being done before the basic
authentication credentials is passed through the network, so it will be
encrypted, and not possible to sniff. Can anybody please confirm that?
Best regards
Paw Pedersen
Your understanding is correct - traffic is encrypted prior to any
transmission of credentials in the HTTP entity.
Depending on the key strength of your asymmetric and then session keys, it
may be possible to brute force the encrypted packets after they have been
sniffed.
Cheers
Ken
"Paw Pedersen"
news:uH0Lrl9wHHA.4736@TK2MSFTNGP04.phx.gbl...
> As far as I can find out, the SSL handshake is being done before the basic
> authentication credentials is passed through the network, so it will be
> encrypted, and not possible to sniff. Can anybody please confirm that?
>
> Best regards
> Paw Pedersen
>