Site security question.... - GoFuckYourself.com

m0rph3us · 11-08-2001, 01:22 PM

I hear that it is very hard or even impossible for hackers to try to hack a login method where the user must enter the login/password over an SSL 128bit form. This sound correct? If so, why is it that they can't hack that... proxies don't support SSL?

Ludedude · 11-08-2001, 02:16 PM

Quote:

Originally posted by m0rph3us:
I hear that it is very hard or even impossible for hackers to try to hack a login method where the user must enter the login/password over an SSL 128bit form. This sound correct? If so, why is it that they can't hack that... proxies don't support SSL?

I don't think it has anything to do with proxies or the like. SSL basically encrypts the communication between the server and the browser making it practically impossible to sniff or eavesdrop the password. If they do manage to grab a password though, SSL won't prevent them from using it. If paysites were to issue certificates using SSL, it would make it that much harder as the user would need to authenticate his/her identity with that certificate to the server. Not likely to happen in the near future due to the relative complexity of this method. Most paysites have guardian programs that will shut down passwords in short order if they're coming from too many different IP addresses at once etc. which should work just fine.

------------------
Make BANK with these Babes!
The Webmaster's Folder
The Midnight TGP2 Submitter

11-08-2001, 01:22 PM	#1
m0rph3us Confirmed User Join Date: Mar 2001 Location: Principality of Sealand Posts: 2,033	Site security question.... I hear that it is very hard or even impossible for hackers to try to hack a login method where the user must enter the login/password over an SSL 128bit form. This sound correct? If so, why is it that they can't hack that... proxies don't support SSL?