![]() ![]() Luckily, there is a way for SSL to function so that even with the private key, previously recorded communications are unable to be decrypted without the SSL session key for that transmission. What that also means, though, is that if the SSL private key was compromised the data actually may not be secure. The reality here is that, without the SSL private key that was used to transmit the data, the encrypted packet captures would be useless. This means that if an attacker was eavesdropping on communications, they wouldn’t have been able to do any more than record the SSL-encrypted transmissions and store them. A somewhat bright light in this story is that the actual encrypted communications were being sent over SSL. ![]() The most important thing to note is that the risks exist due to crucial issues in the utilization of cryptography standards-standards that should have effectively guaranteed privacy of communications. The risk to communicating parties could range from low risk to serious trouble, depending on which version of CryptoCat they were using. Last week it was shown that CryptoCat's implementation of cryptography has been flawed for the past two years. Industry news JMark Stanislav CryptoCat & The Practical Case for Implementing Forward Secrecy ![]()
0 Comments
Leave a Reply. |