Is visiting HTTPS websites on a public hotspot secure?

Posted by Calmarius on Super User See other posts from Super User or by Calmarius
Published on 2011-01-09T10:31:42Z Indexed on 2011/01/09 10:55 UTC
Read the original article Hit count: 238

Filed under:
|
|
|
|

It's often said that HTTPS SSL/TLS connections are encrypted and said to be secure because the communication between the server and me is encrypted (also provides server authentication) so if someone sniffs my packets, they will need zillions of years to decrypt if using brute force in theory.

Let's assume I'm on a public wifi and there is a malicious user on the same wifi who sniffs every packet. Now let's assume I'm trying to access my gmail account using this wifi. My browser does a SSL/TLS handshake with the server and gets the keys to use for encryption and decryption.

If that malicious user sniffed all my incoming and outgoing packets. Can he calculate the same keys and read my encrypted traffic too or even send encrypted messages to the server in my name?

© Super User or respective owner

Related posts about security

Related posts about browser