
Thread: Suggestion: All good trackers must use secure ssl certificates!

  1. #1
    sovaz's Avatar Poster BT Rep: +100
    Join Date
    Jul 2006
    Posts
    486
    After what happened with Oink, I think all good trackers should implement Secure Sockets Layer (SSL via HTTPS). It will be more secure because the login system will be encrypted via their own certificate. RTSv2 has already done that. Won't it be more secure for users? Is there any negativity with the SSL protocol? Suggestions please.
    Last edited by sovaz; 10-24-2007 at 09:59 AM.


  2. BitTorrent   -   #2
    Poster
    Join Date
    Oct 2007
    Posts
    418
    It encrypts traffic between the user and the server, nothing else.

  3. BitTorrent   -   #3
    awoeonip's Avatar Need a light? BT Rep: +15
    Join Date
    Jun 2007
    Posts
    185
    Quote: Originally Posted by Fibre
    It encrypts traffic between the user and the server, nothing else.
    Exactly. It would still be just as easy for a baddie to sign up or get an invite and have access to the site.

  4. BitTorrent   -   #4
    BANNED BT Rep: +3
    Join Date
    May 2007
    Posts
    1,021
    What makes you think SSL can save a site?

    It just makes a site secure from a sniffing attack.

  5. BitTorrent   -   #5
    rvt's Avatar Poster BT Rep: +1
    Join Date
    Aug 2007
    Posts
    368
    As for "negativity", it can cripple your server. SSL requests take a lot more processing than plain text requests.

    BTW, I wouldn't take the fact that RTS introduced SSL as any sign of security. They did after all have a leaky database which is something no SSL will protect against.

  6. BitTorrent   -   #6
    sovaz's Avatar Poster BT Rep: +100
    Join Date
    Jul 2006
    Posts
    486
    So there is no real point for SSL then... I mean you can still get attacks and a leaky database even with SSL.


  7. BitTorrent   -   #7
    AugustoP's Avatar Poster BT Rep: +1
    Join Date
    Mar 2007
    Posts
    581
    Actually sites need to do four things:
    1. Protect their servers - rent them in countries where it is difficult for authorities to confiscate them.
    2. Protect identities of the site owner - use some kind of anonymous companies to rent servers. A one-day company used for tax reduction schemes and other borderline legal activities costs around $500 where I live.
    3. Protect their users - have everything encrypted so only undercover work can harm users. Although some countries (e.g. UK) are starting to implement laws that allow sending people to jail for not disclosing an encryption key. AFAIK, it's only limited to organised crime and terrorism cases but who knows what's next.
    4. A disaster recovery plan. Safely hidden backups of everything needed to run the site.

    Also I think it's not the best idea to store donations at PayPal. I heard PayPal closes accounts without a second thought.

  8. BitTorrent   -   #8
    Quote: Originally Posted by AugustoP
    Actually sites need to do four things:
    1. Protect their servers - rent them in countries where it is difficult for authorities to confiscate them.
    2. Protect identities of the site owner - use some kind of anonymous companies to rent servers. A one-day company used for tax reduction schemes and other borderline legal activities costs around $500 where I live.
    3. Protect their users - have everything encrypted so only undercover work can harm users. Although some countries (e.g. UK) are starting to implement laws that allow sending people to jail for not disclosing an encryption key. AFAIK, it's only limited to organised crime and terrorism cases but who knows what's next.
    4. A disaster recovery plan. Safely hidden backups of everything needed to run the site.

    Also I think it's not the best idea to store donations at PayPal. I heard PayPal closes accounts without a second thought.
    Most of the things you mentioned are good points.
    And yes, some countries in Europe even have laws against using too high an encryption algorithm as well. For instance I believe a few years ago you could get in trouble for using more than 128 bit encryption. (Could be wrong but it was somewhere around that figure in Spain.)

    SSL in itself doesn't really do much or protect much. It's kind of pointless other than having the tracker's www running off a different port, which helps when being DDoS'd; there isn't much else it really does.

    Quote: Originally Posted by sovaz
    So there is no real point for SSL then... I mean you can still get attacks and a leaky database even with SSL.
    Exactly.

  9. BitTorrent   -   #9
    I Run It
    Join Date
    Sep 2007
    Location
    New Jersey
    Age
    46
    Posts
    228
    Quote: Originally Posted by Melvinmeow
    And yes, some countries in Europe even have laws against using too high an encryption algorithm as well. For instance I believe a few years ago you could get in trouble for using more than 128 bit encryption. (Could be wrong but it was somewhere around that figure in Spain.)
    Yep, having an encryption higher than 128-bit is illegal in a lot of countries. But either way you have to supply them with the encryption key if asked.
    But if it were my server I would have 1 key that unlocks and 1 key that destroys the HDD. So basically if it's raided, and you were detained and asked for the key, give 'em the wrong one.

  10. BitTorrent   -   #10
    AugustoP's Avatar Poster BT Rep: +1
    Join Date
    Mar 2007
    Posts
    581
    Quote: Originally Posted by darkness
    Quote: Originally Posted by Melvinmeow
    And yes, some countries in Europe even have laws against using too high an encryption algorithm as well. For instance I believe a few years ago you could get in trouble for using more than 128 bit encryption. (Could be wrong but it was somewhere around that figure in Spain.)
    Yep, having an encryption higher than 128-bit is illegal in a lot of countries. But either way you have to supply them with the encryption key if asked.
    But if it were my server I would have 1 key that unlocks and 1 key that destroys the HDD. So basically if it's raided, and you were detained and asked for the key, give 'em the wrong one.
    AFAIK encryption and the right to not testify against yourself is still a gray area. It's even more difficult with the international nature of the internet. Anyway, I don't think someone could get away with destruction of evidence. The person who'll give police the key to destroy the data will end up in jail for sure. Not to mention technical problems with this scenario.

    Here's the article about the UK government proposition on encryption: http://news.zdnet.co.uk/security/0,1...9269746,00.htm
