Silk Road forums
Discussion => Newbie discussion => Topic started by: SirNomDePlum on July 18, 2013, 05:38 am
-
Suppose that you wanted to spy on people. First, you would need to capture requests along with the returned web pages. But those pages are encrypted (sent via HTTPS rather than HTTP), so you would also have to break the encryption. Firefox tells us this is "very difficult" and "very unlikely"
But every lock has a key. Anyone in possession of this master key can read the encrypted HTTPS pages. All of them. Every single encrypted web page that has ever been transmitted to millions of former users can be decrypted with a single master key.
Annex D.5.1 of IEEE 1363-2000
-
I don't think that means what you think it means.
-
Anyone in possession of this master key can read the encrypted HTTPS pages.
There is not 1 key (to rule them all) that exists that can decrypt every encrpyted SSL page. Like the PGP you should be using on Silk Road, SSL's encryption makes it so that only the intended recipient can read the message. If anyone was spying, they would have a pile of data that a supercomputer couldn't crack.
-
That's not what it means. You took the whole thing out of context without researching what it means or from whence it came.
Clearnet links:
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
http://blogs.computerworld.com/encryption/22366/can-nsa-see-through-encrypted-web-pages-maybe-so
https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy
http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html
-
That's pretty neat I learned something today.