Is visiting HTTPS websites on a public hotspot secure?
Posted
by
Calmarius
on Super User
See other posts from Super User
or by Calmarius
Published on 2011-01-09T10:31:42Z
Indexed on
2011/01/09
10:55 UTC
Read the original article
Hit count: 238
It's often said that HTTPS SSL/TLS connections are encrypted and said to be secure because the communication between the server and me is encrypted (also provides server authentication) so if someone sniffs my packets, they will need zillions of years to decrypt if using brute force in theory.
Let's assume I'm on a public wifi and there is a malicious user on the same wifi who sniffs every packet. Now let's assume I'm trying to access my gmail account using this wifi. My browser does a SSL/TLS handshake with the server and gets the keys to use for encryption and decryption.
If that malicious user sniffed all my incoming and outgoing packets. Can he calculate the same keys and read my encrypted traffic too or even send encrypted messages to the server in my name?
© Super User or respective owner