Https

From LinuxReviews

https is the same protocol as normal http://, except that it uses a different port (443, not http's port 80) and adds an encryption/authentication layer between HTTP and TCP.

Security

https provides an additional encryption layer between HTTP and TCP, and that's it.

  • http fetches many resources per page request (the HTML page, stylesheet, images, etc.).
  • https does not disturb timing much. It does not hide the length of requests.
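Because https leaves resource lengths visible, a site operator can check how many of their own pages are distinguishable by length alone. The following is an added example, not part of the original page; the page names, sizes and the idea of padding each resource to a fixed block size are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: page -> byte lengths of the resources it loads
# (HTML, stylesheet, image). All names and sizes are made up.
SITE = {
    "/login":    [5120, 1830, 412],
    "/account":  [5200, 1830, 9877],
    "/transfer": [5350, 1830, 9901],
    "/help":     [14020, 1830, 412],
}

def signature(lengths, block=1):
    """Length sequence visible on the wire (encryption overhead ignored).
    block > 1 models a hypothetical mitigation: pad every resource up to
    the next multiple of `block` bytes."""
    return tuple(-(-n // block) * block for n in lengths)

def anonymity_sets(site, block=1):
    """Group pages whose observable length signatures are identical."""
    groups = defaultdict(list)
    for page, lengths in site.items():
        groups[signature(lengths, block)].append(page)
    return sorted(sorted(g) for g in groups.values())

def uniquely_identifiable(site, block=1):
    """Pages that no other page shares a length signature with."""
    return [g[0] for g in anonymity_sets(site, block) if len(g) == 1]

def padding_overhead(site, block):
    """Fraction of extra bytes sent when padding to `block`."""
    raw = sum(sum(lengths) for lengths in site.values())
    padded = sum(sum(signature(lengths, block)) for lengths in site.values())
    return (padded - raw) / raw

if __name__ == "__main__":
    for block in (1, 1024, 16384):
        exposed = uniquely_identifiable(SITE, block)
        print(f"block={block:>5}: {len(exposed)} of {len(SITE)} pages unique, "
              f"overhead {padding_overhead(SITE, block):.0%}")
```

The larger the block, the more pages share a signature, at the cost of more bytes sent.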

Attacks

  • Visit SSL websites and profile the requests. Make a list of the requests, retrieved resources and their lengths.
  • Then observe the sequence of retrieved resource lengths of the victim. Compare it to the profiles and you can make a relatively good guess about which page they match.

This can be taken further by looking at the links on the web pages of an https-protected website. Guess which pages a user is likely to go to from other pages, and you're able to make a good guess at the sequence.

Additional security

Tor is a network security tool which protects against traffic analysis. Tor is an excellent way of adding additional protection to protocols such as https and SSH.
