[erlang-questions] Erlang cookies are secure
Fri Jun 10 12:54:23 CEST 2016
On 10 June 2016 at 11:14, Tony Rogvall <tony@REDACTED> wrote:
> Hi Chandru.
> I am not sure what you mean by sniff cookies?
> The distribution has been sending blank cookies since first open source
> The distribution do not send the cookie in clear text but rely on a MD5
> challenge procedure
> at connection setup.
> So Erlang is more likely to be vulnerable to connection hijacking since
> not every message
> is signed.
Hmm...that is strange. My memory tells me that I saw the cookie while
examining packet captures a long time ago - I could be mistaken. I'll go
read the source again - thanks for correcting me.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the erlang-questions