-
December 9th, 2004, 02:18 AM
#1
Https
HTTPS when you use that how secure is the encryption that it is sent it? is it possible to break it?
-
December 9th, 2004, 07:08 AM
#2
Heya,
HTTPS is based on the SSL (secure sockets layer). Instead of me going into a lot of detail here, I'll link you to a site that has more information on it: http://support.microsoft.com/default...;EN-US;q245152
Now, as for is it possible to break it, I'll give you a generic answer: NOTHING is unbreakable. Is it easy? No.
Hope this helps mate. If you have any more specific questions feel free to ask.
-
December 9th, 2004, 01:17 PM
#3
-
December 9th, 2004, 01:25 PM
#4
Now, as for is it possible to break it, I'll give you a generic answer: NOTHING is unbreakable. Is it easy? No.
Uh... depending on the version, it's actually scarily easy. Ettercap does it surprisingly well on SSL-1 and I think SSL-2 (not sure on that one). It will also hit SSH-1 (reason why I force SSH2 usage on my students).
-
December 9th, 2004, 06:22 PM
#5
I always figured the US govn't let companies export 128 bit encryption packages because they could break anything encrypted at that level. Maybe I'm just a cynic . . .
Cheers,
-D
If you spend more on coffee than on IT security, you will be hacked. What\'s more, you deserve to be hacked.
-- former White House cybersecurity adviser Richard Clarke
-
December 10th, 2004, 03:25 AM
#6
wow thanks for the information MsMittens and i have one more question how could i tell if it is ssl-1 or ssl-2 just from looking at the site.
-
December 10th, 2004, 10:27 AM
#7
HTTPS can support loads of different ciphers, possibly with different session key sizes.
Firstly, you need to realise that the "strength" is based on the size of the session keys, not the certificates' private keys (which are typically at least 512 bit as it's asymmetric).
The session keys are what the data are encrypted with. If you run a HTTPS web server, you can enable or disable specifc ciphers or key-lengths. Some ciphers are supposedly stronger than others.
The web browser and server negotiate a compatible cipher at session start time, I'm not sure how. Perhaps they choose using some sort of preference order.
In most web browsers you can see which cipher and key length has been chosen for a given session.
Slarty
-
December 11th, 2004, 04:07 AM
#8
thanls for your information i didnt know that.
-
December 13th, 2004, 02:32 AM
#9
HTTPS when you use that how secure is the encryption that it is sent it? is it possible to break it?
Next time you acess a website that uses the HTTPS protocol. (secure) Go up to File, then properties. It will display the Encryption used by Internet Explorer which is;
SSL 3.0 RC4 with 128 bit encryption {high} RSA with 1024bit exchange. To brake this type of encryption it will be a very daunting task and very time consuming You should check this out on a side note;
http://www.secinf.net/misc/The_IT_Se...chanisms_.html
Hope this helps.
-
December 13th, 2004, 04:46 AM
#10
Thank for the info nice link will be reading it.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|