how secure are https sites over wireless at a public library ?

if I type in a password over a https site at the library wireless
network , how easy would it be for someone to get my password ?

Impossible.

https connections are SSL secured between you and the web server and
anybody intercepting the communication would be unable to decrypt the
data so you can use a public hotspot to go on secure sites (though make
sure it is actually secure as people can hijack routers and serve up a
fake but non-secure version of PayPal).
http://wi-fi-hotspot.blogspot.com http://thehackman.blogspot.com
http://adsensical-adsense.blogspot.com

> Impossible.

Not quite.

> https connections are SSL secured between you and the web server and
> anybody intercepting the communication would be unable to decrypt the
> data so you can use a public hotspot to go on secure sites (though make

In general yes I agree with your sentiment that it's secure but SSL is
susceptible to a man in the middle attack. The OP would need to ensure
that the certificate matched that of the site and was thus the correct
certificate.

Second and yes i'm being picky here, the SSL is not necessarily between
client and web server. The chain can be broken. For example with
Microsoft ISA server, it's common practice to import the web servers
certificate into ISA server since it's actually ISA server that's
publishing the web site. It can be the same or a different or no
certificate at all used between ISA and the actual web server.

In other words, depending on the configuration of the site, the SSL
session exists between the client and the public facing server, the
internal communications between the ISA server and web server can be
normal HTTP and thus available for sniffing on the internal LAN.
Accepted this is not where the major thread would be expected and it
would be a poorly configured system but it can be set up this way.

David.