Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 26 Nov 2014, 11:24
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Two simple security tests
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 1 Posts_count_1  
Author Message
Dromeno

Joined: 12 Sep 2008
Posts: 538

PostPosted: Sat 09 Nov 2013, 05:37    Post_subject:  Two simple security tests
Sub_title: https pfs test for browsers and websites
 

One of the Snowden / NSA revelations was that many https enabled browsers and websites have the "forward secrecy" feature turned off by default or not built in at all. This means that someone who records the communication between a computer and the https website might be able to decrypt the communication plus all past communication later when he or she gets hold of the secret RSA key on the server of the website.

I am no expert but I guess it will not take too long before not only the NSA but also the more common malicious hackers and bank robbers have access to this trick, so this hole needs to be plugged

With forward secrecy the same secret key is discarded after the communication, with each session another oneis created

more explanation:
https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy

Here is a test if your browser supports forward secrecy:

https://cc.dcsec.uni-hannover.de/

(if ECDHE is in the list of supported ciphers your browser is secure. For instance - Dillo, Midori, Arora, Opera are not, Chrome and Firefox are)

check if a given website is using https with forward secrecy:

https://www.ssllabs.com/ssltest/
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 1 Posts_count_1  
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0357s ][ Queries: 11 (0.0033s) ][ GZIP on ]