is https safe?

Discussion in 'Trading Software' started by NoMoreOptions, Feb 15, 2005.

  1. in my opinion, it can't be. if all the traffic is sniffed and logged, why can't the entire encrypted message get replayed and decrypted by those who want to? prove me right.
     
  2. Xenia

  3. SSL can be broken, but it's generally more effort than it's worth. When Netscape and IE first came out, they only had 40 bit keys which could be cracked by brute force in around 4 hours with 250 networked computers.

    Most SSL keys these days are 128 bit and much harder to crack. Some websites that are trying to get people to use credit cards on the internet claim it will take longer than the age of the universe to crack 128-bit encryption, but that's probably incorrect. At some point it will be fairly easy to crack it, but whether that's 50 years from now or 100 doesn't much matter - it's very difficult today.

    Consequently, it's not worth anyone's time to try to steal your SSL data (usually a credit card) today, especially when there are any number of other scams where you can get someone's credit card much easier (usually by some sort of scam). It's much like "the club" for cars - it can be defeated, but why bother if the next car doesn't have one and is much easier to steal.
     
  4. SSL uses a public key encryption algorithm to exchange a symmetric session key. then the symmetric session key is used for the rest of the session.

    nothing is safe 100%, that's why you see many new encryption algorithms coming onto the mainstream market. DES 56-bit used to be the standard; it was infeasible to crack it back in the day because of limited computing power. now even 128 bits can be cracked by a computer farm in a matter of days. currently the move is towards 1024. It's a matter of time before computing power catches up and makes 1024 obsolete.

    most keys issued by trusted authorities like VeriSign are 256. you can, however, generate keys with a 1024-bit key length and use them on your own webserver.
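A toy model of the exchange post 4 describes, added here as an example and not written by any poster: ephemeral Diffie-Hellman settles the symmetric session key, every record carries a sequence number bound into its MAC, and a passive sniffer who logs the whole conversation ends up with neither the key nor a replayable message (post 1's question). The 127-bit group and the SHA-256-based record format are assumptions for illustration only, not how TLS is actually built.

```python
import hashlib
import hmac
import secrets

# Toy DH group: 2**127 - 1 is prime, but far too small for real use (assumption).
P = 2**127 - 1
G = 3

def dh_keypair():
    """Ephemeral private exponent and the public value that goes on the wire."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def session_key(priv, peer_pub, transcript):
    """Symmetric key = hash(shared DH secret || everything both sides saw on the wire)."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big") + transcript).digest()

def seal(key, seq, plaintext):
    """Encrypt-then-MAC one record (<= 32 bytes); the sequence number is bound into both."""
    seq_b = seq.to_bytes(8, "big")
    stream = hashlib.sha256(key + seq_b).digest()
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, seq_b + ct, "sha256").digest()
    return seq_b + ct + tag

def open_record(key, expected_seq, record):
    """Reject a stale sequence number (a replay) or a bad MAC; else return the plaintext."""
    seq_b, ct, tag = record[:8], record[8:-32], record[-32:]
    if int.from_bytes(seq_b, "big") != expected_seq:
        return None
    if not hmac.compare_digest(tag, hmac.new(key, seq_b + ct, "sha256").digest()):
        return None
    stream = hashlib.sha256(key + seq_b).digest()
    return bytes(c ^ s for c, s in zip(ct, stream))

def simulate():
    """Client and server handshake while a sniffer logs every byte; report what it gets."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    transcript = c_pub.to_bytes(16, "big") + s_pub.to_bytes(16, "big")
    wire_log = [transcript]                          # the sniffer's copy of the handshake
    c_key = session_key(c_priv, s_pub, transcript)
    s_key = session_key(s_priv, c_pub, transcript)
    record = seal(c_key, 0, b"hello, server")        # constructed sample message
    wire_log.append(record)
    first = open_record(s_key, 0, record)            # server accepts seq 0 once
    replay = open_record(s_key, 1, record)           # same bytes replayed later: rejected
    return {"keys_match": c_key == s_key, "first": first, "replay": replay,
            "key_on_wire": any(c_key in chunk for chunk in wire_log)}
```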
  5. so, if one uses https://mail.yahoo.com

    does this mean your company can't read your email or is it still possible?

    just wondering...