Your Ad Here Your Ad Here
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Suggestion: All good trackers must use secure ssl certificates!

  1. #1
    sovaz's Avatar Poster BT Rep: +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100
    Join Date
    Jul 2006
    Posts
    499
    After wat happened with Oink, I think all good trackers should implement Secure Sockets Layer (SSL via HTTPS). It will b more secure coz the login system will b encryted via their own certificate. RTSv2 has already done tat. Won't it be more secure for users? Is there any negativity with the SSL protocol? Suggestions plz.
    Last edited by sovaz; 10-24-2007 at 09:59 AM.


  2. BitTorrent   -   #2
    Poster
    Join Date
    Oct 2007
    Posts
    423
    It encrypts traffic between the user and the server, nothing else.

  3. BitTorrent   -   #3
    awoeonip's Avatar Need a light? BT Rep: +15BT Rep +15BT Rep +15
    Join Date
    Jun 2007
    Posts
    188
    Quote Originally Posted by Fibre View Post
    It encrypts traffic between the user and the server, nothing else.
    exactly. It would still be just as easy for a baddie to sign-up or get an invite and have access to the site.

  4. BitTorrent   -   #4
    BANNED BT Rep: +3
    Join Date
    May 2007
    Posts
    1,091
    what makes you think an ssl can save a site ??

    it just makes a site secure from a sniffing attack ..

  5. BitTorrent   -   #5
    rvt's Avatar Poster BT Rep: +1
    Join Date
    Aug 2007
    Posts
    441
    As for "negativity", it can cripple your server. SSL requests take a lot more processing than plain text requests.

    BTW, I wouldn't take the fact that RTS introduced SSL as any sign of security. They did after all have a leaky database which is something no SSL will protect against.

  6. BitTorrent   -   #6
    sovaz's Avatar Poster BT Rep: +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100
    Join Date
    Jul 2006
    Posts
    499
    so there is no real point for SSL then...i mean u can still get attacks n leaky database even with SSL.


  7. BitTorrent   -   #7
    AugustoP's Avatar Poster BT Rep: +1
    Join Date
    Mar 2007
    Posts
    620
    Actually sites need to do four things:
    1. Protect their servers - rent them in countries where it is difficult for authorities to confiscate them.
    2. Protect identities of the site owner - use some kind of anonymous companies to rent servers. One-day company used for tax reduction schemes and other borderline legal activities costs around $500 where I live.
    3. Protect their users - have everything encrypted so only undercover work can harm users. Although some countries (e.g. UK) start to implement laws that allow to send people into jail for not disclosing encryption key. AFAIK, it's only limited to organised crime and terrorism cases but who knows what's next.
    4. A disaster recovery plan. Safely hidden backups of everything needed to run the site.

    Also I think it's not the best idea to store donations at PayPal. I heard PayPal closes accounts without a second thought.

  8. BitTorrent   -   #8
    Quote Originally Posted by AugustoP View Post
    Actually sites need to do four things:
    1. Protect their servers - rent them in countries where it is difficult for authorities to confiscate them.
    2. Protect identities of the site owner - use some kind of anonymous companies to rent servers. One-day company used for tax reduction schemes and other borderline legal activities costs around $500 where I live.
    3. Protect their users - have everything encrypted so only undercover work can harm users. Although some countries (e.g. UK) start to implement laws that allow to send people into jail for not disclosing encryption key. AFAIK, it's only limited to organised crime and terrorism cases but who knows what's next.
    4. A disaster recovery plan. Safely hidden backups of everything needed to run the site.

    Also I think it's not the best idea to store donations at PayPal. I heard PayPal closes accounts without a second thought.
    Most of the things you mentioned are good points.
    And yes some countries in Europe even have laws against using too high a encryption algarythm as well. For instance I believe a few years ago you could get in trouble for using more than 128 bit encryption. (Could be wrong but it was somewhere around that figure in Spain.)

    The SSL in itself doesnt real do much or protect much. Its kinda pointless other than having the trackers www running off a differant port which helps when being ddos' their isnt much else it really does.

    Quote Originally Posted by sovaz View Post
    so there is no real point for SSL then...i mean u can still get attacks n leaky database even with SSL.
    Exactly.

  9. BitTorrent   -   #9
    I Run It
    Join Date
    Sep 2007
    Location
    New Jersey
    Age
    39
    Posts
    249
    Quote Originally Posted by Melvinmeow View Post
    And yes some countries in Europe even have laws against using too high a encryption algarythm as well. For instance I believe a few years ago you could get in trouble for using more than 128 bit encryption. (Could be wrong but it was somewhere around that figure in Spain.)
    Yep, having an encryption higher than 128bit is illegal in alot of countries. But either way you have to supply them with the encryption key if asked
    But if it were my server I would have 1 key that unlocks and 1 key that destroys the hdd. So basically if its raided, and you were detained and asked for the key, give em the wrong one

  10. BitTorrent   -   #10
    AugustoP's Avatar Poster BT Rep: +1
    Join Date
    Mar 2007
    Posts
    620
    Quote Originally Posted by darkness View Post
    Quote Originally Posted by Melvinmeow View Post
    And yes some countries in Europe even have laws against using too high a encryption algarythm as well. For instance I believe a few years ago you could get in trouble for using more than 128 bit encryption. (Could be wrong but it was somewhere around that figure in Spain.)
    Yep, having an encryption higher than 128bit is illegal in alot of countries. But either way you have to supply them with the encryption key if asked
    But if it were my server I would have 1 key that unlocks and 1 key that destroys the hdd. So basically if its raided, and you were detained and asked for the key, give em the wrong one
    AFAIK encryption and the right to not testify against yourself is still a gray area. It's even more difficult with the international nature of the internet. Anyway, don't think someone could get away with destruction of evidence. The person who'll give police the key to destroy the data will end up in jail for sure. Not mention technical problems with this scenario.

    Here's the article about UK goverment proposition on encryption http://news.zdnet.co.uk/security/0,1...9269746,00.htm

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •