Hosting Provided By

Re: HTTPS - How hard to decrypt?

From: Adam Newhard <atnewhard(at)microstrain.com>
Date: Thu Jul 10 2003 - 08:51:38 EDT

Worst answer in the world...it all depends on how you've set it up. Yeah, if you put ssl at 128 bit, your chances are at best on average someone brute forcing at 2^64 tries. If you stay well uptodate on ssl versions, patches, and security "flaws", that's about the best you can do to seal holes. However, always look into updated dependencies that ssl uses as from what i can remember those are usually how people get in. The reason i say it all depends on how you set it up is that (and correct me if i'm wrong b/c i haven't looked into it for a while) there are known attacks that greatly help someone break the ssl code such as the million message attack where the server will actually tell you or give you a pretty good idea of what the error was in your transmission...of course you can and definitely should turn these off.

Intercepting a wireless transmission is obviously a thousand times easier than intercepting wireless and much less obvious...i figure seeing someone plugged into your switch sitting next to you makes it pretty obvious that they're sitting around watching you. Honestly, if i was gonna do something to use your net connection, i'd try to get all your wireless packets routed in through me and just do a man in the middle attack so that, at least while you're there, i could get on.

what happens after they login though...is that garbage still encrypted...like are they just given a private key for wireless transmissions or what?

Adam Newhard
Microstrain, Inc.
If vegetarians eat vegetables, watch out for humanitarians

Original Message ----- From: "Craig Brauckmiller" <c_brauckmiller@lek.com> To: <security-basics@securityfocus.com> Sent: Tuesday, July 08, 2003 1:33 PM Subject: HTTPS - How hard to decrypt?

>
>
> We have begun rolling out wireless cards to our VP laptops. We have also
-
> Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!

--

>

>




---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: 
http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

Received on Thu Jul 10 12:07:14 2003

This message: [ Message body ]
Next message: Damian Menscher: "Re: Top 10 (secure) programs"
Previous message: Gordon Govender: "RE: File permission scanner"
In reply to: Craig Brauckmiller: "HTTPS - How hard to decrypt?"
In reply to Richard Parry: "RE: HTTPS - How hard to decrypt?"
Next in thread: Devdas Bhagat: "Re: HTTPS - How hard to decrypt?"
Reply: David Vertie: "Re: HTTPS - How hard to decrypt?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:05:52 EDT