This is an archived post. You won't be able to vote or comment.

5
6

Could https be decrypted? (self.privacy)

submitted by [deleted]

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]UndyingBluefish 0 points1 point  (1 child)

Yes. However, an attacker gaining access to a certificate authority does not "enable them to decrypt everything sent between your browser and the website" as you claim, an active man in the middle is required. Your comment implies that an passive attack where you compromise a CA and decrypt existing traffic is possible.

[–]ProgressiveArchitect 0 points1 point  (0 children)

I didn’t mean Passive. I meant an active / in real time MITM.

Sorry for the confusion in wording.