My $0.02:

>  this could lead companies... to deny the use of the program, due to
wrongly identifying Wireshark as a hacking tool.

Wireshark is already a "hacker tool" de facto, regardless of the fact that
it performs passive network analysis. The first two results for "hacker
tools" on Google list Wireshark as a key tool. If we are worried about
password extraction, this is already possible with Wireshark for plaintext
FTP passwords. I do not think that individuals making this decision will
change their mind based on this feature alone.

So far, no individuals have come forward stating that this will negatively
affect them (i.e. if you one of these people, please speak up!)

On Sat, Jun 15, 2019 at 9:57 AM Tomasz Moń <deso...@gmail.com> wrote:

> On Fri, Jun 14, 2019 at 10:27 PM Roland Knall <rkn...@gmail.com> wrote:
> > There is a patch currently waiting for inclusion. It would allow for
> dissectors to easily make credentials (username/password) available and
> present them in a tool window in Wireshark.
>
> I understand that you mean, that it'd be easy to present the
> credentials if the dissector is able to extract/derive the password.
> If the protocol is cryptographically secure, then without keys, the
> change in question won't have any impact, right?
>
> In other words, it is not about integrating some password cracking
> mechanism but rather API to simply present the decoded information?
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-requ...@wireshark.org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Reply via email to