Y
Hacker News
new
|
ask
|
show
|
jobs
by
philfreo
5976 days ago
can someone confirm that login info is sent in the clear? that's pretty terrible.
2 comments
kam
5976 days ago
They claim they're using DIGEST-MD5, so not quite plaintext, but a broken hash algorithm
http://www.facebook.com/help/?faq=16742
http://www.facebook.com/help/?faq=16741
link
j0
5976 days ago
yep. they could have at least supported SASL to have the login info encrypted and then transport the rest of the stream unencrypted, but they did not.
link
http://www.facebook.com/help/?faq=16742
http://www.facebook.com/help/?faq=16741