One of the Snowden / NSA revelations was that many https enabled browsers and websites have the "forward secrecy" feature turned off by default or not built in at all. This means that someone who records the communication between a computer and the https website might be able to decrypt the communication plus all past communication later when he or she gets hold of the secret RSA key on the server of the website.
I am no expert but I guess it will not take too long before not only the NSA but also the more common malicious hackers and bank robbers have access to this trick, so this hole needs to be plugged
With forward secrecy the same secret key is discarded after the communication, with each session another oneis created
more explanation:
https://community.qualys.com/blogs/secu ... rd-secrecy
Here is a test if your browser supports forward secrecy:
https://cc.dcsec.uni-hannover.de/
(if ECDHE is in the list of supported ciphers your browser is secure. For instance - Dillo, Midori, Arora, Opera are not, Chrome and Firefox are)
check if a given website is using https with forward secrecy:
https://www.ssllabs.com/ssltest/
Two simple security tests
For discussions about security.
Message
Author
Jump to
- House Training
- ↳ Beginners Help ( Start Here)
- ↳ Users ( For the regulars )
- ↳ Für deutschsprachige Anhänger
- ↳ Pour les francophones
- ↳ Usuarios de habla Hispana
- ↳ HOWTO ( Solutions )
- ↳ Bugs ( Submit bugs )
- Advanced Topics
- ↳ Additional Software (PETs, n' stuff)
- ↳ Package Collections / Repositories
- ↳ REQUESTS
- ↳ Browsers and Internet
- ↳ Business
- ↳ Compiling
- ↳ Desktop
- ↳ Documents
- ↳ Drivers
- ↳ Educational
- ↳ Engineering/Science/Simulation
- ↳ Eye Candy
- ↳ Filesystem
- ↳ Games
- ↳ Graphics
- ↳ Multimedia
- ↳ Network
- ↳ Security/Privacy
- ↳ System
- ↳ Utilities
- ↳ Virtualization
- ↳ Unsorted
- ↳ Cutting edge
- ↳ Multi-session live-CD/DVD
- ↳ Hardware
- ↳ Audio
- ↳ Networking
- ↳ Dialup
- ↳ Ethernet
- ↳ Wireless
- ↳ Printers
- ↳ Video
- ↳ Puppy Derivatives
- ↳ Puppy Projects
- ↳ Next Puppy Development
- ↳ 4.x
- ↳ Bugs (4.x dev)
- ↳ Usability Issues (4.x dev)
- ↳ 5.x
- ↳ Bugs (5.x dev)
- ↳ Usability Issues (5.x dev)
- ↳ Localization Project
- ↳ Documentation Project
- Taking the Puppy out for a walk
- ↳ Announcements
- ↳ Puppy Power
- ↳ Suggestions
- ↳ Misc
- Off-Topic Area
- ↳ Programming
- ↳ Security
- ↳ Truly off-topic conversations
- ↳ Spam reports