
In the top answer to

it is recommended:

Generally, use HTTPS for anything that needs to be secure (you should do this anyway, also over ethernet, but especially over Wi-Fi now), use a VPN as an extra layer, etc.

I'm trying to grasp how HTTPS could be secure over a broken transport layer. Isn't a man-in-the-middle attack possible? Are there other concerns I'm not thinking about?

Is HTTPS actually reliable protection when used over open or broken WiFi?


Edit: I'm aware of the math details of asymmetric cryptography. I'm asking about MITM. I guess what I was missing is the security aspect of the HTTPS certificates being signed. In that case, if I'm understanding right, trusting self-signed certificates and using WPA2 would allow a man-in-the-middle attack? But if you have a valid list of certificate authorities (a valid way to check the signatures on certs) and you don't trust self-signed certs...then you would be safe?

Wildcard
  • You aren't getting the certificate from the WiFi access point, right? So why would it affect it? :) What you'd have to watch out for are HTTPS downgrade attacks such as SSL Strip. HSTS helps prevent this. – Mark Buffalo Oct 20 '17 at 16:31
  • the reason we encrypt is to protect the communication over untrusted networks .... – schroeder Oct 20 '17 at 16:40
  • @schroeder, please see edit. – Wildcard Oct 20 '17 at 16:43
  • Effectively, the entire point of HTTPS is to protect against a man-in-the-middle on an otherwise insecure network. If you do anything to subvert the requirements of HTTPS, such as trusting certs for which you have no valid basis to trust, then a man-in-the-middle attack is possible. – Xander Oct 20 '17 at 18:41
  • fwiw, wired Ethernet is "wide open" in this respect as well, but you don't see a lot of panic – dandavis Oct 21 '17 at 07:51
  • @dandavis, yeah, I'm not worried about someone patching into my cat5 cables. – Wildcard Oct 21 '17 at 09:27
  • In any case, the question is KRACK-agnostic and even Wifi-agnostic. The question is about MITM. – curiousguy Oct 22 '17 at 01:35
