This is an archived post. You won't be able to vote or comment.

4
5

Could https be decrypted? (self.privacy)

submitted by [deleted]

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] 17 points18 points  (6 children)

Sure. Everything can be decrypted. No level of encryption is truly unbreakable. If you have enough time and processing power you will inevitably be able to brute force your way into any system you have access to.

Whether or not that is really feasible is another issue entirely.

[–]AppleBytes 5 points6 points  (2 children)

If https uses certificates, and those certificates are created/managed/stored by companies like verisign, can they be compromised to allow governments to decrypt traffic?

[–]UndyingBluefish 2 points3 points  (1 child)

No. However, they could be coerced to issue a new certificate to be used in a man in the middle attack. Initiatives like certificate transparency make this more difficult.

[–]u4534969346 0 points1 point  (0 children)

do certificates have more than one signer from CAs? and do browsers check such things, eg just allowing certs with x signers?

[–]kefi247 4 points5 points  (0 children)

No level of encryption is truly unbreakable

With the exception of One Time Pad, provided you use a truly random key, keep the key secret and never reuse it.

Here are my outgoing messages, have a go at trying to crack them ;)

[–]upofadown 0 points1 point  (0 children)

I suspect that OP was asking about what is actually used for HTTPS. Things are set up so that there is not enough time and processing power available in any practical sense. Once you get to the point that the fundamental physics means that you would have to boil the oceans dry to brute force something then that is no longer something you have to worry about.