Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Hacking & Exploits Network Hacking SSL problem with self-generated certificates?

Thread Rating:
  • 549 Vote(s) - 3.51 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
SSL problem with self-generated certificates?

Offline gamal691


Member
*
Member
Posts: 0
Threads: 0
Joined: May 2022
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#1
07-04-2013, 08:48 PM
Just a quick question for all of you knowlegeable about encryption:

If I am using a self-generated certificate (as opposed to a bought certificate) for an SSL connection, is there any chance of the messages being intercepted, or of a MIM attack?

P.S. I'm using python's bult-in ssl library to wrap sockets, if it makes any difference.
Reply

Offline fogramite165591


Member
*
Member
Posts: 1
Threads: 0
Joined: Jun 2018
Reputation: 0
Level: 1 [Level]
Total Points: 0
Rank 0 / 1
99% to upload Level
Rank
Activity 0 / 1
99% to upload your Rank
Activity
Experience 1
99% to upload Experience
Experience

Points: 50
#2
07-04-2013, 10:01 PM
Self-signed = trivial to MITM.

Ok I got bored so let me elaborate.

When you self-sign it, that means there isn't anyone else that can verify if the public key the client received is the correct one. This means an attacker can just intercept the SSL handshake and give the client their self-signed certificate.
Reply

Offline minuteman424486


Member
*
Member
Posts: 0
Threads: 0
Joined: Mar 2020
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#3
07-04-2013, 10:14 PM
Got it, thanks a bunch w00t.
Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through