Yes the ssl session is set up prior to exchanging keyboard input. When in doubt as if
you are actually in a ssl session, as if a regular session has switched over to ssl,
look to see if https shows in the address bar and if the padlock shows in the lower
right hand corner that you can click to see certificate for the site. --- Steve
Interestingly enough, SSL *may* encrypt passwords. Generally the answer to
your question is yes, but SSL allows for NULL cipher. To ensure the data is
actually encrypted, mouse over the lock and make sure it says "40 bit" or
"128 bit"
