[erlang-questions] Erlang cookies are secure

Chandru chandrashekhar.mullaparthi@REDACTED
Fri Jun 10 12:54:23 CEST 2016


Hi Tony,

On 10 June 2016 at 11:14, Tony Rogvall <tony@REDACTED> wrote:

> Hi Chandru.
>
> I am not sure what you mean by sniff cookies?
>
> The distribution has been sending blank cookies since first open source
> release.
> The distribution do not send the cookie in clear text but rely on a MD5
> challenge procedure
> at connection setup.
>
> So Erlang is more likely to be vulnerable to connection hijacking since
> not every message
> is signed.
>

Hmm...that is strange. My memory tells me that I saw the cookie while
examining packet captures a long time ago - I could be mistaken. I'll go
read the source again - thanks for correcting me.

cheers,
Chandru
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160610/580a2f6c/attachment.htm>


More information about the erlang-questions mailing list