-4

I found some posts on this forum that explained that https settings are possible to crack. see here. Why is it possible to sniff an HTTPS / SSL request?

And here is another post that mentions redirecting trusted certificates so as to fool the victim that they are connecting to the right people.

If these claims are true, what is the best way for us to keep our browsing private? I use Tor and used to have JonDo before it got corrupted.

user7149
  • 129
  • 2
  • 8
  • 2
    Can you name and link the best of these articles? – StackzOfZtuff Jul 01 '15 at 04:11
  • 1
    How do you expect us to argue against a claim which we don't even know? Please outline how the attack proposed by the article(s) is supposed to work and we might be able to tell you how plausible the attack is in practice. – Philipp Jul 01 '15 at 08:51
  • I added the post that talked about this. It's actually on this forum. – user7149 Jul 03 '15 at 21:42
  • In that link's case, nothing is cracked, you just don't have a TLS connection from end-to-end - you have a proxy. Your browser will tell you that the certificate that encrypts the channel doesn't match the destination. It's not possible to be a man-in-the-middle without this kind of alert. – schroeder Jul 03 '15 at 22:45

1 Answers1

1

The privacy of browsing information depends on vulnerability of SSL that your service provider use. If a website using a vulnerable protocol (like as SSLV3 that vulnerable to POODLE attack) or weak signature algorithm (like as Diffie-Hellman (DH) key exchange), absolutely your information is in danger. but for example if a website using TLSV1.2 with RSA.AES.256 key exchange algorithm, u are almost safe! :)

Giac
  • 175
  • 1
  • 6