this post was submitted on 15 Oct 2024
44 points (97.8% liked)

Technology

966 readers
12 users here now

A tech news sub for communists

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 month ago (1 children)

Would this traffic be encrypted just because a website is https or do you have to do something else to encrypt it?

[–] [email protected] 1 points 1 month ago (2 children)

Https is encrypted but it uses TLS which is a method thats pretty crackable with quantum computers as far as im aware. Its main upside isnt even really encryption of your data tho. Because the traffics encrypted it cant be injected with malicious or otherwise stuff. Like unencrypted http traffic can be altered easily and an ISP could insert ads into websites, or malicious actors could alter the website your viewing to redirect you somewhere else etc. So https is very important for that reason. The encryption is nice too but like i said it wont be secure for much longer so theyll have to update it soon to another protocol.

[–] [email protected] 3 points 4 weeks ago* (last edited 4 weeks ago)

Https is encrypted but it uses TLS which is a method thats pretty crackable with quantum computers as far as im aware

No. Current TLS ciphers and key exchanges, are EXTREMELY FAR from "pretty crackable" with anything, quantum or otherwise, especially when considering the lifetime of the keys are so short. The only entities we can reasonably foresee as capable of performing any kind of quantum cracking in the future are going to be global superpowers (arguably only the US and China).

But the keys to all TLS transactions are based in root CAs, and nearly all of those are subject to US/western intelligence jurisdiction. There's no need for the state to crack RSA to compromise TLS. Look into how chain of trust works.

Because the traffics encrypted it cant be injected with malicious or otherwise stuff

MITM has been commercialized, it's basically what Cloudflare does. If a host is behind CF your connection is only encrypted to CF, which then decrypts and re-encrypts the connection from itself to the host. Cloudflare is busy swallowing up the internet, so it's not just state-level attacks that can openly compromise TLS with zero cracking required. VPNs can't protect you from this, either.

The encryption is nice too but like i said it wont be secure for much longer so theyll have to update it soon to another protocol.

I'm sure you have good intentions, but you shouldn't be making statements like this.

[–] [email protected] 2 points 1 month ago

Thanks for explaining that.