Y
Hacker News
new
|
ask
|
show
|
jobs
by
aw3c2
5976 days ago
This includes the login I guess...
1 comments
philfreo
5976 days ago
can someone confirm that login info is sent in the clear? that's pretty terrible.
link
kam
5976 days ago
They claim they're using DIGEST-MD5, so not quite plaintext, but a broken hash algorithm
http://www.facebook.com/help/?faq=16742
http://www.facebook.com/help/?faq=16741
link
j0
5976 days ago
yep. they could have at least supported SASL to have the login info encrypted and then transport the rest of the stream unencrypted, but they did not.
link