Https

Printable View

December 9th, 2004, 02:18 AM
Riot

Https

HTTPS when you use that how secure is the encryption that it is sent it? is it possible to break it?
December 9th, 2004, 07:08 AM
jehnx

Heya,

HTTPS is based on the SSL (secure sockets layer). Instead of me going into a lot of detail here, I'll link you to a site that has more information on it: http://support.microsoft.com/default...;EN-US;q245152

Now, as for is it possible to break it, I'll give you a generic answer: NOTHING is unbreakable. Is it easy? No.

Hope this helps mate. If you have any more specific questions feel free to ask.
December 9th, 2004, 01:17 PM
Riot

Thank you for the link.
December 9th, 2004, 01:25 PM
MrLinus

Quote:

Now, as for is it possible to break it, I'll give you a generic answer: NOTHING is unbreakable. Is it easy? No.

Uh... depending on the version, it's actually scarily easy. Ettercap does it surprisingly well on SSL-1 and I think SSL-2 (not sure on that one). It will also hit SSH-1 (reason why I force SSH2 usage on my students).
December 9th, 2004, 06:22 PM
dspeidel

I always figured the US govn't let companies export 128 bit encryption packages because they could break anything encrypted at that level. Maybe I'm just a cynic . . .

Cheers,
-D
December 10th, 2004, 03:25 AM
Riot

wow thanks for the information MsMittens and i have one more question how could i tell if it is ssl-1 or ssl-2 just from looking at the site.
December 10th, 2004, 10:27 AM
slarty

HTTPS can support loads of different ciphers, possibly with different session key sizes.

Firstly, you need to realise that the "strength" is based on the size of the session keys, not the certificates' private keys (which are typically at least 512 bit as it's asymmetric).

The session keys are what the data are encrypted with. If you run a HTTPS web server, you can enable or disable specifc ciphers or key-lengths. Some ciphers are supposedly stronger than others.

The web browser and server negotiate a compatible cipher at session start time, I'm not sure how. Perhaps they choose using some sort of preference order.

In most web browsers you can see which cipher and key length has been chosen for a given session.

Slarty
December 11th, 2004, 04:07 AM
Riot

thanls for your information i didnt know that.
December 13th, 2004, 02:32 AM
Computernerd22

Quote:

HTTPS when you use that how secure is the encryption that it is sent it? is it possible to break it?

Next time you acess a website that uses the HTTPS protocol. (secure) Go up to File, then properties. It will display the Encryption used by Internet Explorer which is;

SSL 3.0 RC4 with 128 bit encryption {high} RSA with 1024bit exchange. To brake this type of encryption it will be a very daunting task and very time consuming You should check this out on a side note;

http://www.secinf.net/misc/The_IT_Se...chanisms_.html

Hope this helps.
December 13th, 2004, 04:46 AM
Riot

Thank for the info nice link will be reading it.