You probably already realize this, but "foo" would of course in practice be some other string, like the name of the admins daughter or something else which is likely to be used both as a secret and occur in non-secret contexts as well.
I did not intend it as a means for "dictionary attack", but as a way of _accidentaly_ gaining this information. "Opportunity makes the thief", no?
/ Marcus Comstedt (ACROSS) (Hail Ilpalazzo!)
Previous text:
2003-01-30 16:02: Subject: Re: OpenSSL wrapper vs Pike's SSL (Was: Bz2)
Well, that's no leak, because everybody already knows that in every webserver "foo" is used as a password somewhere by somebody. ;-)
You do have a point, even if it's not a terribly efficient way to perform a dictionary attack.
/ Niels Möller ()