Results 1 to 10 of 10

Thread: Https

  1. #1
    Senior Member
    Join Date
    Jun 2004
    Posts
    379

    Https

    HTTPS when you use that how secure is the encryption that it is sent it? is it possible to break it?

  2. #2
    Senior Member
    Join Date
    Dec 2001
    Posts
    884
    Heya,

    HTTPS is based on the SSL (secure sockets layer). Instead of me going into a lot of detail here, I'll link you to a site that has more information on it: http://support.microsoft.com/default...;EN-US;q245152

    Now, as for is it possible to break it, I'll give you a generic answer: NOTHING is unbreakable. Is it easy? No.

    Hope this helps mate. If you have any more specific questions feel free to ask.

  3. #3
    Senior Member
    Join Date
    Jun 2004
    Posts
    379
    Thank you for the link.

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Now, as for is it possible to break it, I'll give you a generic answer: NOTHING is unbreakable. Is it easy? No.
    Uh... depending on the version, it's actually scarily easy. Ettercap does it surprisingly well on SSL-1 and I think SSL-2 (not sure on that one). It will also hit SSH-1 (reason why I force SSH2 usage on my students).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    Senior Member
    Join Date
    Jul 2001
    Posts
    420
    I always figured the US govn't let companies export 128 bit encryption packages because they could break anything encrypted at that level. Maybe I'm just a cynic . . .

    Cheers,
    -D
    If you spend more on coffee than on IT security, you will be hacked. What\'s more, you deserve to be hacked.
    -- former White House cybersecurity adviser Richard Clarke

  6. #6
    Senior Member
    Join Date
    Jun 2004
    Posts
    379
    wow thanks for the information MsMittens and i have one more question how could i tell if it is ssl-1 or ssl-2 just from looking at the site.

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    HTTPS can support loads of different ciphers, possibly with different session key sizes.

    Firstly, you need to realise that the "strength" is based on the size of the session keys, not the certificates' private keys (which are typically at least 512 bit as it's asymmetric).

    The session keys are what the data are encrypted with. If you run a HTTPS web server, you can enable or disable specifc ciphers or key-lengths. Some ciphers are supposedly stronger than others.

    The web browser and server negotiate a compatible cipher at session start time, I'm not sure how. Perhaps they choose using some sort of preference order.

    In most web browsers you can see which cipher and key length has been chosen for a given session.

    Slarty

  8. #8
    Senior Member
    Join Date
    Jun 2004
    Posts
    379
    thanls for your information i didnt know that.

  9. #9
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    HTTPS when you use that how secure is the encryption that it is sent it? is it possible to break it?
    Next time you acess a website that uses the HTTPS protocol. (secure) Go up to File, then properties. It will display the Encryption used by Internet Explorer which is;

    SSL 3.0 RC4 with 128 bit encryption {high} RSA with 1024bit exchange. To brake this type of encryption it will be a very daunting task and very time consuming You should check this out on a side note;

    http://www.secinf.net/misc/The_IT_Se...chanisms_.html



    Hope this helps.

  10. #10
    Senior Member
    Join Date
    Jun 2004
    Posts
    379
    Thank for the info nice link will be reading it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •