I mentioned in my Tcpdump Masterclass that Wireshark is capable of decrypting SSL/TLS encrypted data in packets captured in any supported format and that if anyone wanted to know how, they should ask. This is an extremely useful Wireshark feature, particularly when troubleshooting within highly secure network architectures. This article examines the requirements and Wireshark configuration required to do so and provides some information on issues commonly encountered when using this feature. Note: I've now also written a version of this article but using ssldump for real-time decryption at the command line.

Isn't SSL/TLS Secure?

Don't let this article give you the impression it's not; as you'll see from the next section, there's a good deal of requirements that must be met. However, there are plenty of other reasons to consider it insecure.

If you're reading this article and you're responsible for and care about the privacy and security of your traffic, please keep in mind that SSL/TLS, in reality, presents no more than a façade of security today in the same way money apparently represents real value and different sex marriages normality and stability. Ignoring our post-PRISM world for a moment (everyone is anyway, right?), from a technical standpoint SSLv2 (regardless of the ciphers etc. used with it) is widely considered as insecure. You really shouldn't be using it; however, don't just use v3 or TLS and consider that enough to offer a good security posture. How it's configured and the options and ciphers you allow (or not) are far more important, but that's an article for another day.

Taking PRISM's (and other countries' similar programs') implications into account, frequent technical weaknesses exploited through techniques such as BEAST or BREACH, the ease with which a fake CA can be installed on most devices and the decidedly risky nature of 'trusting' any Certificate Authorities (CAs) after recent scandals and revelations, I'd have a hard time convincing anyone to use SSL/TLS. That is, if there was an alternative, which there isn't. It probably doesn't matter anyway; why try and break encryption when you can just knock on the door and ask politely like most government agencies and police forces can in some form or other?

I use self-signed certificates for the on-line services I run for myself; there's a reason I run them myself. Any false security I may have had around any large organisation (including government) being as fallible and poorly organised as the people within it and unable to consume the necessary volume of information to be effective without genuinely prohibitive expense has vanished in recent years.