SSL vs. TLS: The Future of Data Encryption

Status
Not open for further replies.

MajinCry

There is plenty that users can do to stop the NSA, just nothing that can be achieved by sitting in your chair.

Hell, get a bunch of people, go up to the NSA's HQ and burn it to the ground; workers and all.

Sure, that's only one head of the Hydra, but ya gotta start somewhere.
 

koga73

Bah, the problem with BOTH is the handshake. If the traffic goes through an NSA server then they have the handshake, which means they have the decryption keys. From this point it's pretty easy to get the plain-text message.
 

agnickolov

While SSL/TLS can be used with certificates on both ends, in practice this is very, very rare. Servers typically don't care who their clients are, thus they don't request client certificates. This is actually a good thing, otherwise the system would be unusable by the average user. Not to mention the client costs to maintain a certificate would make it financially completely impractical.

As far as snooping the SSL handshake, that won't gain you anything unless you know how to break the underlying cipher or have the server private key already. As mentioned in a few recent articles already, the underlying AES cipher is still mathematically sound, though the older 128-bit keys slowly get less and less secure, primarily through computational advances enabling brute force attacks. I expect 128-bit AES to be completely replaced within 10 years, with more critical deployments already switching to 256-bit keys.
 

ammaross

"As far as snooping the SSL handshake, that won't gain you anything unless you know how to break the underlying cipher or have the server private key already."

According to the reports, that is EXACTLY how the NSA has "hacked" SSL: by obtaining the private keys through force or subterfuge (you think China is the only country to hack American companies?).
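
Added example (not part of any post in this thread): a simplified RSA key-transport handshake showing the point argued in the two posts above, that a recorded handshake yields the session key only to someone holding the server's private key. The key size, the HMAC-based key derivation and all function names are assumptions made for illustration; real TLS uses far larger keys and its own PRF.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key built from the Mersenne primes 2^61-1 and 2^89-1.
# Far too small for real use; chosen so the example needs only the stdlib.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                  # server public key (sent in its certificate)
D = pow(E, -1, (P - 1) * (Q - 1))    # server private exponent (never sent)


def session_key(premaster: int, client_random: bytes, server_random: bytes) -> bytes:
    """Both ends derive the session key from the secret plus the public randoms."""
    secret = premaster.to_bytes(16, "big")
    return hmac.new(secret, client_random + server_random, hashlib.sha256).digest()


def handshake():
    """Run one handshake; return (wire transcript, client key, server key)."""
    client_random = secrets.token_bytes(16)
    server_random = secrets.token_bytes(16)
    premaster = 2 + secrets.randbelow(2**120)    # chosen by the client
    encrypted_premaster = pow(premaster, E, N)   # only this form crosses the wire
    transcript = {                               # everything a passive tap records
        "client_random": client_random,
        "server_random": server_random,
        "encrypted_premaster": encrypted_premaster,
    }
    client_key = session_key(premaster, client_random, server_random)
    recovered = pow(encrypted_premaster, D, N)   # server decrypts with its private key
    server_key = session_key(recovered, client_random, server_random)
    return transcript, client_key, server_key


def key_from_transcript(transcript: dict, private_exponent: int) -> bytes:
    """Derive a session key from a recorded handshake and a candidate private exponent."""
    premaster = pow(transcript["encrypted_premaster"], private_exponent, N) % 2**128
    return session_key(premaster, transcript["client_random"],
                       transcript["server_random"])


if __name__ == "__main__":
    transcript, client_key, server_key = handshake()
    print("client and server agree:   ", client_key == server_key)
    print("recording + private key:   ", key_from_transcript(transcript, D) == client_key)
    print("recording + wrong exponent:", key_from_transcript(transcript, D + 2) == client_key)
```

The transcript alone contains no secret value, which is why protecting the server's private key is what keeps recorded sessions unreadable in this handshake style.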
 

dark_knight33

@MajinCry

I live within view of Fort Meade, aka NSA HQ. It's not one building, it's a compound. Your choice of entrances is either military guard posts at Ft. Meade's front gates, or off-ramps from local highways that are guarded 24x7 by MD state troopers. You wouldn't make it close enough to do anything of consequence.

The NSA is no joke. Given the current climate of fear and paranoia out there by both the populace and especially the NSA, I wouldn't make even moderately threatening statements towards them, lest you get labeled a domestic terrorist.
 