Log In / Register
What if someone breaks HTTPS SSL/TLS? It has happened before

3rdKey.com is a little different than most web sites that use secure connections to communicate with browsers, when it comes to security, "we do not trust anything."

Just a couple years ago, in 2014, SSL version 3.0 was broken, and the industry had to come up with a new method of keeping internet communications secure. Hence TLS was created, and quickly version 1.0 became 1.1, which then became 1.2. Which is the current standard, and is believed to be impenetrable.

But here at 3rdKey.com, we are not so quick to just accept things. We think "if it was possible to break SSL 3.0 then maybe its possible to break TLS 1.2 as well." In which case, we want a way to keep your data safe, even if TLS 1.2 (or whatever the current standard might be) is broken.

But, even more to the point, any secure communication that relies on a Certificate Authority can be breached if someone using the browser has seen a certificate warning and clicked "use this web site anyway".

Sometimes this can "mean that the Web surfer is being redirected somehow to a fake Web site."
--ComputerWorld

And here is where it gets really scary... If you go to a web site that you trust, and get a certificate warning, and click through to the web site, accepting the certificate, you are also accepting the Certificate Authority that signed that certificate. This means that any other certificate signed by that Certificate Authority (real or fake) will now be accepted at any site you visit, or any Man-In-The-Middle attacker that intercepts your communication (like a public WiFi).

Or, if you are using an internet cafe, someone else, some time in the past, could have clicked through to a web site accepting a certificate and Certificate Authority, that now means that you accept a certificate that is not for the site you are visiting.

So, even though you verify that a site is using HTTPS over TLS 1.2, you can not be certain that someone else is not listening in, or even modifying your communications, because the certificate could have been faked.

That is why 3rdKey.com does more than just use HTTPS over TLS 1.2. We encrypt the communication further, through our own algorithm, and require your 3rd key to decipher the communication.

Sources: Microsoft / digicert / ComputerWorld / InMotionHosting / MakeUseOf


 
Home Log In Register FAQ Challenge Phishing Privacy Policy 3rdKey Cookies Advertising Cookies ©copyright 1997-2022