Is https safe?

Yeah sure, but sha is not mathematicly prooven nor prooven wrong, so it might be reversable somehow.

Part of the design docs for SHA was the proof that it was not reversible. It's the entire point of a hashing function.

Afaik it's only a proof of function and it is considered secrure, because nobody was able to reverse it yet

THE ABSENCE OF EVIDENCE IS NOT !! THE EVIDENCE OF ABSENCE

Attached: 28073D5A-583E-45F2-9B49-A1756364D754.jpg (640x485, 92K)

/thread

Stupid incels, if you can connect it to the internet it has a backdoor. no matter what country or manufacturer

>is https safe
Nothing is safe. Technology is like the "the game", the only way to win is to not play

>It'd be worse than a nuke going off in a major city.

Attached: 1544763503879.png (895x955, 591K)

>CAs are a serious national security level asset
You literally just layed out why the three letter glowies have backdoors in everything.

>serious national security level asset

So you're saying they have full access and control over them and can fabricate credentials as needed

That's not what comped means.

As Slarty Bartfast said...
It's so hard to tell what's actually going on you might as well just ignore it all.

>how to backdoor math
youtube.com/watch?v=nybVFJVXbww
Computerphile has a good video on it

They don’t need backdoors in TLS, they have the keys.

Some of the NIST shilled elliptical curves were insecure.

In 2013 when most HTTPS connections were using RC4, a certain three letter agency had racks of ASICS doing real-time decryption and feeding the result into their big global search engine, like it was straight HTTP.

And the same outfit spent a "bunch" of money to figure out the "default" DH that was shipped with many distributions, where "bunch" is a very large number.

You can't expect the situation in 2019 to be any better, really.

dont kid yourself, youll never get compd cuz no one cares aboutyou

Considering RC4 and DH were proven shit you can expect the situation to be different.

Even fucking Kazakhstan is able to almost render HTTPS useless:

security.stackexchange.com/questions/213921/how-can-kazakhstan-perform-mitm-attacks-on-all-https-traffic

Now just imagine what Big Brother over at the fucking NSA can do.

Caesar cipher is an encryption algorithm. is it secure? backdoor in this context means it was adopted widely while certain people already know how to break it, and those people might have even designed it or popularized it

i think https is compromised even more simply: at the certificate authorities. nsa has known entry points in isp networks where they can watch or modify data. all thats needed is to replace certs with one they have keys to and the hardest part is to make CAs sign off these certs. as usual, social engineering trumps math and technical solutions. not that i dont figure the nsa has cracked tls, but its a waste of money to decrypt everything that way when you can just play mitm. Last point: how sure are you that they even need to break https? how do you know that your computer isnt sending them info around tls, especially if you use popular software and hardware

yeah except kazakhstan did the equivalent of just breaking the window to get into the house. the NSA can't.

can someone please explain how the government could control every CA

They literally have the private keys.

The real redpill is that it doesn't matter if they have https, tls, or whatever encryption backdoored, because they can never act upon it alone. You can watch whatever content you want, and they won't come after you as long as its encrypted, why? Because if they came after you, then it means that it would reveal to the world that the current protocols being used are unsafe, this would mean public panic.

Because they can't act upon it alone, then it doesn't matter if they know you watch those things. This means that if you keep your tracks clean, which is what you're doing out of fear currently, you're safe from punishment. You can live your 80 years on this planet, and it doesn't matter that there were interns in Redmond Washington watching your browser history.

>NSA backdoors in
The answer is always yes

actually sort of an interesting point. if its actually secret enough i don't see whats stopping the US govt from giving a court order to get a private key from comodo/godaddy/whoever.

except it would be the biggest shitstorm in security history. probably actually wouldn't be worth it from their end either honestly. they probably have more to gain using other more obscure means (some secret backdoor in some elliptic curve standard they mandated). it's just way simpler that way and there's 0 chance of scandal

fuck off you literal fucking shill

It's expected from the greatest country in the world.

wtf would I even be shilling

this is a good point in that it's true that they can't get you on how they're actually figuring out the information (backdoors)

but you're missing the fact that they can literally just make anything up and people will buy it. they can just say "oh we found a blog post or something and we linked all the data together using advanced forensic techniques and we got him!!!!" and no one will give a shit

Then you can always throw it back on them, and say that what they did is impossible, and then funnel through the courts. You can even bring in security experts who will agree with you because that's all they've ever been taught.

This would then escalate through the court system until you reach the supreme court, which is what they would want to avoid because it would blow the entire thing over, and it's better to spy on people than to risk it all over with small fish.

youtube.com/watch?v=bfDPtt-bnAI

...