Quote:
Originally Posted by DoDDy
However, anyone with the know-how of obtaining your details would probably not bother with cracking PA to obtain them as there is no real financial gain from it.
|
The thing is that you don't need to crack PA in order to obtain unencrypted data from the datastream between the user and PA. You can use a simple packetsniffer to analyze the datapackets sent over the network. This is a practice that is commonly used on open and public (wireless) networks.
And given the fact that people allways use the same password (for reasons of ease) adding another 'fixed' field in the login process is frowned upon. Especially over unencrypted connections.