Next
Previous
Contents
- Cryptography in HTTPS and SSH is based on
- public keys cryptography
- HTTPS adds trust of public keys certificates
- Use of these methods is strongly constraining:
- to be more acceptable, degraded modes are available
- the client may "blindly" accept the server's key
- the client may accept that server may have changed his key
- sshmitm and webmitm use those vulnerabilities thus introduced
Next
Previous
Contents