CGI question: safe passwords possible?

Paul Rubin http
Fri May 30 21:33:08 EDT 2003


Gerhard Häring <gh at ghaering.de> writes:
> How does this help against mitm attacks?

The question wasn't about mitm attacks, it was about passive eavesdropping.

> What's wrong with using the tool designed for this job (HTTP authentication)?

HTTP authentication doesn't help against mitm attacks either.  Even
HTTP Auth over SSL doesn't help against MITM attacks, when you
consider that nobody ever bothers examining certificates or even
making sure the domain displayed in the nav bar is one that they
expect to see there.

Have you ever heard of anyone actually using an MITM against an
unsuspecting web user?  It's probably happened at one time or another,
but it's quite rare.




More information about the Python-list mailing list