New Posts  All Forums:Forum Nav:

how secure is SSL?

post #1 of 6
Thread Starter 
I know a guy that use to work in an IT type job at ______ university. he says,
"by user agreement, users weren't authorized to use SSL because of blah blah blah..." from there, he talked about how he would take the key and somehow mess with the connection. I didn't follow exactly what he was talking about but it got me wondering. "how secure is SSL?"

I know that nothing is ever 100% secure given the resources but SSL is pretty common. what would it take for someone to break my connection? Would it need to be large scale like a state/FBI type thing, my local ISP or just your average tech junkie?
dBag
(9 items)
 
yep...
(10 items)
 
air
(8 items)
 
CPUMotherboardRAMHard Drive
xeon e3-1230v2 supermicro mbd x9scm-0 KVR1333D3E9S/4G OCZ vertex3 60GB 
CoolingOSPowerCase
1u 80mm blower + passive cpu  proxmox 3.1 supermicro 300w 1u supermicro 1u 
Other
2x intel pro1000 nics  
CPUMotherboardGraphicsRAM
A8-3870K @ 3.7GHz GIGABYTE A75M-UD2H Power Cooler 7870 Team Group Inc 
Hard DriveCoolingOSPower
3x OCZ Agility 3 60GB (RAID-0 on Rocket RAID 27... Corsair H-80 core win-7 Seagate 750 Gold 
CaseAudio
some lian-li case... M-Audio AV40s + 10" Sony ___? 
CPUMotherboardGraphicsRAM
D525 @ 1.8GHz Supermicro onboard 2x2GB DDR1333 
Hard DriveOSCaseOther
WD Green ubuntu 12 1u  3x40mm fans  
  hide details  
Reply
dBag
(9 items)
 
yep...
(10 items)
 
air
(8 items)
 
CPUMotherboardRAMHard Drive
xeon e3-1230v2 supermicro mbd x9scm-0 KVR1333D3E9S/4G OCZ vertex3 60GB 
CoolingOSPowerCase
1u 80mm blower + passive cpu  proxmox 3.1 supermicro 300w 1u supermicro 1u 
Other
2x intel pro1000 nics  
CPUMotherboardGraphicsRAM
A8-3870K @ 3.7GHz GIGABYTE A75M-UD2H Power Cooler 7870 Team Group Inc 
Hard DriveCoolingOSPower
3x OCZ Agility 3 60GB (RAID-0 on Rocket RAID 27... Corsair H-80 core win-7 Seagate 750 Gold 
CaseAudio
some lian-li case... M-Audio AV40s + 10" Sony ___? 
CPUMotherboardGraphicsRAM
D525 @ 1.8GHz Supermicro onboard 2x2GB DDR1333 
Hard DriveOSCaseOther
WD Green ubuntu 12 1u  3x40mm fans  
  hide details  
Reply
post #2 of 6
the only way i guess would be to bruteforce....and with that it would take so long since the key is 128 bit....

thats impossible....

there is 40 bit ssl but the US standard is 128 bit, 40 bit might be crackable if you got 500 computers working around the clock
post #3 of 6
Let's just say it's not really doable to crack the connection in-session, but if your connection is spoofed and you are stupid enough to click "accept untrusted certificate", yes, your data can be monitored or even manipulated.
    
CPUMotherboardGraphicsRAM
Q6600 SLACR @ 3.6 GHz Asus P5E Deluxe MSI 6950 2 GB + 9800GT (PhysX) 4 GB White Lake DDR2-800 
Hard DriveOptical DriveOSMonitor
Hitachi 500 GB Sata iHas 120 Windows 7 Pro x64 u2711 (27", 2560x1440, H-IPS) 
KeyboardPowerCaseMouse
Generic Dell Combat Power 750W Aerotech PGS Bx-500 Logitech Rx300 
Mouse Pad
Desk 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Q6600 SLACR @ 3.6 GHz Asus P5E Deluxe MSI 6950 2 GB + 9800GT (PhysX) 4 GB White Lake DDR2-800 
Hard DriveOptical DriveOSMonitor
Hitachi 500 GB Sata iHas 120 Windows 7 Pro x64 u2711 (27", 2560x1440, H-IPS) 
KeyboardPowerCaseMouse
Generic Dell Combat Power 750W Aerotech PGS Bx-500 Logitech Rx300 
Mouse Pad
Desk 
  hide details  
Reply
post #4 of 6
Thread Starter 
Quote:
Originally Posted by citruspers View Post
Let's just say it's not really doable to crack the connection in-session, but if your connection is spoofed and you are stupid enough to click "accept untrusted certificate", yes, your data can be monitored or even manipulated.
yes, that's what he was talking about. so its accepting the "untrusted connections" that get you. thanks
dBag
(9 items)
 
yep...
(10 items)
 
air
(8 items)
 
CPUMotherboardRAMHard Drive
xeon e3-1230v2 supermicro mbd x9scm-0 KVR1333D3E9S/4G OCZ vertex3 60GB 
CoolingOSPowerCase
1u 80mm blower + passive cpu  proxmox 3.1 supermicro 300w 1u supermicro 1u 
Other
2x intel pro1000 nics  
CPUMotherboardGraphicsRAM
A8-3870K @ 3.7GHz GIGABYTE A75M-UD2H Power Cooler 7870 Team Group Inc 
Hard DriveCoolingOSPower
3x OCZ Agility 3 60GB (RAID-0 on Rocket RAID 27... Corsair H-80 core win-7 Seagate 750 Gold 
CaseAudio
some lian-li case... M-Audio AV40s + 10" Sony ___? 
CPUMotherboardGraphicsRAM
D525 @ 1.8GHz Supermicro onboard 2x2GB DDR1333 
Hard DriveOSCaseOther
WD Green ubuntu 12 1u  3x40mm fans  
  hide details  
Reply
dBag
(9 items)
 
yep...
(10 items)
 
air
(8 items)
 
CPUMotherboardRAMHard Drive
xeon e3-1230v2 supermicro mbd x9scm-0 KVR1333D3E9S/4G OCZ vertex3 60GB 
CoolingOSPowerCase
1u 80mm blower + passive cpu  proxmox 3.1 supermicro 300w 1u supermicro 1u 
Other
2x intel pro1000 nics  
CPUMotherboardGraphicsRAM
A8-3870K @ 3.7GHz GIGABYTE A75M-UD2H Power Cooler 7870 Team Group Inc 
Hard DriveCoolingOSPower
3x OCZ Agility 3 60GB (RAID-0 on Rocket RAID 27... Corsair H-80 core win-7 Seagate 750 Gold 
CaseAudio
some lian-li case... M-Audio AV40s + 10" Sony ___? 
CPUMotherboardGraphicsRAM
D525 @ 1.8GHz Supermicro onboard 2x2GB DDR1333 
Hard DriveOSCaseOther
WD Green ubuntu 12 1u  3x40mm fans  
  hide details  
Reply
post #5 of 6
well the untrusted certificate doesnt mean its malicious....see you cant get a trustworthy signed certificate without paying money...but you can make your own, the benefits of it are the same (same exact encryption), but it will be signed by you and will come up as untrusted
post #6 of 6
Definitely true, but those are pretty uncommon. I sometimes use them at home for SSH connections or webserver testing, but if you know about SSL and public/private key encryption you probably won't be asking this question
    
CPUMotherboardGraphicsRAM
Q6600 SLACR @ 3.6 GHz Asus P5E Deluxe MSI 6950 2 GB + 9800GT (PhysX) 4 GB White Lake DDR2-800 
Hard DriveOptical DriveOSMonitor
Hitachi 500 GB Sata iHas 120 Windows 7 Pro x64 u2711 (27", 2560x1440, H-IPS) 
KeyboardPowerCaseMouse
Generic Dell Combat Power 750W Aerotech PGS Bx-500 Logitech Rx300 
Mouse Pad
Desk 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Q6600 SLACR @ 3.6 GHz Asus P5E Deluxe MSI 6950 2 GB + 9800GT (PhysX) 4 GB White Lake DDR2-800 
Hard DriveOptical DriveOSMonitor
Hitachi 500 GB Sata iHas 120 Windows 7 Pro x64 u2711 (27", 2560x1440, H-IPS) 
KeyboardPowerCaseMouse
Generic Dell Combat Power 750W Aerotech PGS Bx-500 Logitech Rx300 
Mouse Pad
Desk 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security