Those ubiquitous SSL certs protecting this site, major shopping and banking sites really aren't as secure as you think. Not exactly insecure either, but a determined attacker with the right algorithms and programming knowledge will be able to break the cert, allowing them to create a fake site that impersonates the legitimate one to scam people.
This is especially true where the prime factors of the secret key are too close together numerically. Having prime factors that are twin primes (two apart) is the worst of all, but anything close is a bad idea, so finding the right prime factors to maximise security isn't trivial. Maybe this is why DigiCert SSL certs cost hundreds whereas your regular cert is only a few dollars? Certainly, I can't see how the free automated Let's Encrypt certs are all that secure, relatively: does the algorithm that generates them do much optimisation of the encryption keys? It's so quick that I doubt it does much at all.
So, the thing I've been wondering, even before finding this video, is this: for a fixed number space, even if it's a massive 2048 bits long, there can't be that many primes in it, and the "good" combinations of prime factors are even fewer, to the tune of several orders of magnitude, so doesn't that compromise security right there? Making the key lengths ever longer helps to combat this, but isn't a silver bullet, because computers keep getting ever faster, and quickly too.
But don't panic, always check that the domain is the one that you expect to see - modern web browsers are good at highlighting it - and that the padlock symbol is there too and you'll be alright. Bookmarking sites is a great way to ensure that the correct site is accessed.
Nerd factor: cerebral as the video is quite mathsy, kinda like a Numberphile video.
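The close-prime weakness the post describes can be checked for on a key you own. The following is an added example, not part of the original post: a bounded Fermat-style probe that flags an RSA modulus whose two primes sit close together. The function names and both sample moduli are constructed for illustration (toy-sized values built from well-known primes, not real certificate keys).

```python
from math import isqrt

def fermat_probe(n, max_steps=100_000):
    """Return (p, q) if n = p*q with p and q close enough that Fermat's
    method finds them within max_steps iterations, otherwise None."""
    if n % 2 == 0:
        return (2, n // 2)
    a = isqrt(n)
    if a * a < n:
        a += 1                      # start at ceil(sqrt(n))
    for _ in range(max_steps):
        b2 = a * a - n              # n = a^2 - b^2 = (a - b)(a + b)
        b = isqrt(b2)
        if b * b == b2:             # perfect square: factors recovered
            return (a - b, a + b)
        a += 1
    return None

def audit_modulus(n, max_steps=100_000):
    """Verdict string for a key audit report."""
    if fermat_probe(n, max_steps) is not None:
        return "WEAK: prime factors are too close together"
    return "OK: no close-prime weakness within the step budget"

# Constructed sample moduli (toy sizes; real RSA moduli are 2048+ bits).
TWIN_N = 1_000_000_007 * 1_000_000_009      # twin primes, two apart
FAR_N = 1_000_000_007 * (2**61 - 1)         # primes of very different size

if __name__ == "__main__":
    print(audit_modulus(TWIN_N))             # flagged on the first step
    print(audit_modulus(FAR_N, 1_000))       # not found within the budget
```

The step budget is the point of the check: a modulus that survives it has primes whose gap is too large for this method, which is what a key generator picking two independent random primes of the same bit length produces in practice.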